They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist "in the wild." They deliver important security improvements between software updates - for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. Morocco, a key French ally, denied those reports and is taking legal action to counter allegations implicating the North African kingdom in the spyware scandal.Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac. India's parliament also erupted in protests as opposition lawmakers accused Prime Minister Narendra Modi's government of using NSO Groups' product to spy on political opponents and others.įrance is also trying to get to the bottom of allegations that President Emmanuel Macron and members of his government may have been targeted in 2019 by an unidentified Moroccan security service using Pegasus. The recent revelations also prompted calls for an investigation into whether Hungary's right-wing government used Pegasus to secretly monitor critical journalists, lawyers and business figures. The CIA attributed the murder to the Saudi government. One case involved the fiancee of Washington Post journalist Jamal Khashoggi just four days after he was killed in the Saudi Consulate in Istanbul in 2018. Amnesty International said it confirmed 37 successful Pegasus infections based on a leaked targeting list whose origin was not disclosed. In July, a global media consortium published a damning report on how clients of NSO Group have been spying for years on journalists, human rights activists, political dissidents, and people close to them, with the hacker-for-hire group directly involved in the targeting. federal court for allegedly targeting some 1,400 users of the encrypted messaging service with spyware. In October 2019, Facebook sued NSO in U.S. "If Pegasus was only being used against criminals and terrorists, we never would have found this stuff," said Marczak.įacebook's WhatsApp was also allegedly targeted by an NSO zero-click exploit. The researchers said it also undermines NSO Group's claims that it only sells its spyware to law enforcement officials for use against criminals and terrorists and audits its customers to ensure it's not abused. "And it's why it's so important that companies focus on making sure that they are as locked down as possible." "Chat apps are increasingly becoming a major way that nation-states and mercenary hackers are gaining access to phones," he said. Researcher John Scott-Railton said the news highlights the importance of securing popular messaging apps against such attacks. It urged people to immediately install security updates. Those who want to jump the gun can go into the phone settings, click "General" then "Software Update," and trigger the patch update directly.Ĭitizen Lab called the iMessage exploit FORCEDENTRY and said it was effective against Apple iOS, MacOS and WatchOS devices. Users should get alerts on their iPhones prompting them to update the phone's iOS software. Apple didn't respond to questions regarding whether this was the first time it had patched a zero-click vulnerability. In a subsequent statement, Apple security chief Ivan Krstić commended Citizen Lab and said such exploits "are not a threat to the overwhelming majority of our users." He noted, as he has in the past, that such exploits typically cost millions of dollars to develop and often have a short shelf life. It said it was aware that the issue may have been exploited and cited Citizen Lab. In a blog post, Apple said it was issuing a security update for iPhones and iPads because a "maliciously crafted" PDF file could lead to them being hacked.
0 Comments
Leave a Reply. |