Israeli Spyware Detected in Apple Devices: Researchers

Spyware linked to Israeli firm NSO exploited a new discovered flaw in Apple devices, says researchers at Citizen Lab. The flaw had been used to infect the device with Pegasus spyware. 

In 2021, Apple had filed a lawsuit against the NSO Group for the Pegasus spyware targeting Apple users. The Israeli firm is known to create sophisticated, state-sponsored surveillance technology that allows Pegasus spyware for surveillance of victims. 

John Scott-Railton, senior researcher at Citizen Lab, said this shows that civil society is once again serving as the early warning system about really sophisticated attacks. The flaw, which was discovered by an employee of the Washington-based civil society group last week, comprised iPhones running the latest version of iOS (16.6). 

Citizen Lab said Pegasus spyware did this without any interaction from the victim. Researchers advised all users of Apple devices to update their operating systems immediately to fix the bugs. “Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware.” Researchers revealed the exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim. 

Apple said a bug tracked as CVE-2023-41064, allowed devices, including some iPhones, iPad, Macs, and Apple Watches to become vulnerable to attack when processing a maliciously crafted image. “It affects the image I/O framework. The other vulnerability, CVE-2023-41061, similarly creates security issues if a device is sent a maliciously crafted attachment.” 

The bug was found in Apple’s Wallet function. Apple said it was aware of a report that this issue may have been actively exploited, and declined to comment further about the bugs. Citizen Lab said it called the exploit chain BLASTPASS because it invoked PassKit – a framework that allows developers to include Apple Pay in their apps. 

NSO has been in the spotlight for quite some time because of the Pegasus spyware, which has been deployed by governments across the world to spy on their citizens. In 2022, US President Joe Biden blocked the use of this spyware. The EU is also looking at banning its use.