![]() One process within the hack's code was named "setframed," the same name given in a 2020 infection of a device used by a journalist at Al Jazeera, the researchers found. Cybersecurity and Infrastructure Security Agency had no immediate comment.Ĭitizen Lab said multiple details in the malware overlapped with prior attacks by NSO, including some that were never publicly reported. ![]() Securing them should be top priority," said Citizen Lab researcher John Scott-Railton. "Popular chat apps are at risk of becoming the soft underbelly of device security. But that upgrade has not fully protected the system. IMessage has been repeatedly targeted by NSO and other cyber arms dealers, prompting Apple to update its architecture. The vulnerability lies in how iMessage automatically renders images. Researchers said they did not believe there would be any visible indication that a hack had occurred. The intended targets would not have to click on anything for the attack to work. It is unknown how many other users may have been infected. In a statement to Reuters, NSO did not confirm or deny that it was behind the technique, saying only that it would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."Ĭitizen Lab said it found the malware on the phone of an unnamed Saudi activist and that the phone had been infected with spyware in February. "While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," he added.Īn Apple spokesperson declined to comment on whether the hacking technique came from NSO Group. "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals." "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users," said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement. The tool developed by the Israeli firm, named NSO Group, defeats security systems designed by Apple in recent years.Īpple said it fixed the vulnerability in Monday's software update, confirming Citizen Lab's finding. The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple's iOS, OSX, and watchOS, except for those updated on Monday. Sept 13 (Reuters) - A cyber surveillance company based in Israel developed a tool to break into Apple (AAPL.O) iPhones with a never-before-seen technique that has been in use since at least February, internet security watchdog group Citizen Lab said on Monday.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |