It was discovered during a second examination of the phone, which forensics showed had been infected in March. Malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said. “We’re not necessarily attributing this attack to the Saudi government,” said researcher Bill Marczak.Ĭitizen Lab previously found evidence of zero-click exploits being used to hack into the phones of al-Jazeera journalists and other targets, but hasn’t previously seen the malicious code itself.Īlthough security experts say that average iPhone, iPad and Mac user generally need not worry - such attacks tend to be limited to specific targets - the discovery still alarmed security professionals. The targeted activist asked to remain anonymous, they said. It was the first time a so-called “zero-click” exploit - one that doesn’t require users to click on suspect links or open infected files - has been caught and analyzed, the researchers said. NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting “terror and crime.” The previously unknown vulnerability affected all major Apple devices - iPhones, Macs and Apple Watches, the researchers said. They said they had high confidence that the world’s most infamous hacker-for-hire firm, Israel’s NSO Group, was behind that attack. Researchers at the University of Toronto’s Citizen Lab said the security issue was exploited to plant spyware on a Saudi activist’s iPhone.
BOSTON (AP) - Apple released a critical software patch to fix a security vulnerability that researchers said could allow hackers to directly infect iPhones and other Apple devices without any user action.