The Apple group has urgently repaired a computer flaw, spotted by Citizen Lab researchers, that the Pegasus software was able to exploit to infect iPhones, without using links or booby-trapped buttons.
It has always been a selling point for Apple, the security of its phones, tablets and computers. This possible weakness shows that the Apple brand is just as fallible as other computer companies. Researchers at Citizen Lab found that the Pegasus spyware was able to hack into Apple devices without using booby-trapped links or buttons, the usual technique.
They, who had already played a key role in exposing the mass spying carried out via Pegasus, noticed the flaw after discovering that a Saudi activist's iPhone had been infected via iMessage, Apple's messaging system. According to this U of T cybersecurity organization, Pegasus has been using this vulnerability "since at least February 2021."
Faced with this threat, Apple has made an emergency update. He also congratulated the researchers for their work and stressed that this type of attack, "ultra-sophisticated", "cost millions of dollars, do not last long and are used to target specific people".
They, therefore "do not pose a threat to the overwhelming majority of our users," assured Ivan Krstić, Apple's director of security systems. "But we continue to work tirelessly to defend all our customers."
Data theft and ransomware attacks have been on the rise in recent months, targeting various companies and organizations, including a U.S. oil pipeline operator and a major Indian airline. Last July, a consortium of 17 media outlets also exposed a mass spying scandal via spyware developed by Israeli company NSO. ".
A number of the French President Macron, Edouard Philippe and 14 members of the government were "in the list of numbers selected by a Moroccan state security service, user of Pegasus spy software, for potential hacking." In all, according to the association's Amnesty and Forbidden Stories, the case involves a list of 50,000 phone numbers worldwide selected since 2016 by NSO customers.