Apple has urged users to update their device software after ‘zero click’ Pegasus malware sent attributed to Israel’s NSO Group was found by Canadian Internet security watchdog Citizen Lab on a Saudi activist’s iPhone. This is the first time that a “zero-click” exploit has been caught and analysed.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.
While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data”
Ivan Krstic, Head sOf Security Engineering & Architecture, Apple
NSO has neither confirmed nor denied that it is behind the attack, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”. The FBI has launched an investigation and Israel has set up a senior inter-ministerial team to look into the matter.
While all of this is a bit alarming, security experts have said that attacks of this type are very specific and targeted and that average users should not be concerned.
Source: Sky News
Informed Sauce is hosting an Infinidat-sponsored event in London on 2 December about protecting businesses from cyber crime, and particularly ransomware attacks.
Short talks from the Metropolitan Police, a military-trained cyber threat expert and sponsor Infinidat’s EMEA Field CTO will be followed by a panel-led, room-wide moderated discussion, with plenty of opportunities for you to contribute your thoughts and ask questions.
Visit the event microsite for more details and to sign up.