Apple has issued an emergency patch after cybersecurity researchers showed they had uncovered a new vulnerability that allowed hackers to deploy a spyware tool created by NSO Group through iMessage.
Apple issued the patch on Monday to remedy the issue, which was discovered by researchers at the University of Toronto’s Citizen Lab after they inspected the iPhone of a Saudi activist that had been infected with spyware developed by NSO.
According to Citizen Lab, the vulnerability allowed hackers to access a target’s iPhone, Mac computer or Apple Watch via iMessage, without the user needing to click on a malicious link. The exploit, coined as “FORCEDENTRY” by the researchers, is known as a “zero-click” attack.
Military spyware manufacturer NSO had “used the vulnerability to remotely exploit and infect the latest Apple devices” with its spyware, known publicly as Pegasus, “since at least February 2021”
In a statement on Monday, the company said: “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”