A vulnerability in the iOS source code appears to have allowed NSO customers, including Saudi Arabia, Rwanda, and Mexico, to hide malware in images sent via iMessage in order to gain control of the phone.
A vulnerability in the iOS source code appears to have allowed the Pegasus spyware to take control of the phone's functions. Photo: AFP
Pegasus can stealthily read encrypted messages stored on the phone, remotely activate the camera and microphone, and continuously track the phone's location.
The new patch from Apple also addresses a vulnerability affecting Apple Wallet, where people store payment cards, the company said in a brief statement Thursday evening without providing further details as it rolled out the update to billions of phones.
This latest patch, one of the few Apple has released in recent years, continues to be seen as a cat-and-mouse game between leading American tech companies and spyware manufacturers like Israel-based NSO.
While NSO claims its product is only used for monitoring potential terrorists and combating organized crime, the vulnerability was discovered by the University of Toronto's Citizen Lab. They stated they found it on the phone of an employee of a Washington-based "civil society" organization.
The discovery of this latest vulnerability shows that NSO continues to find rare weaknesses in some complex operating systems, despite US sanctions against the organization.
My Lan (according to FT)
Source
Comment (0)