Apple issues software update over spyware
Apple Inc has issued an emergency software patch for its Messages app to block no-click spyware that could infect iPhones and iPads.
According to the company, the security update was issued after it was determined that the flaw could be exploited if a user received a maliciously crafted PDF file.
The flaw was disclosed by the University of Toronto's cyber-research unit Citizen Lab.
According to the security researchers, Israel-based NSO Group used the flaw to exploit and infect the latest devices with spyware.
With the flaw, a hacker using NSO's Pegasus malware gained access to a Saudi activist's iPhone.
The flaw allows hackers to access Apple devices through the iMessage service even if users do not click on a link or file, a technique known as a zero-click exploit.
The issue could affect all of Apple's devices, including iPhones, Macs and Apple Watches.
Apple's iMessage is considered to be one of the most secure messaging apps.
The tech giant has issued the update on the iPhone, iPad, Mac and Apple Watch through iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates.
Citizen Lab researchers said they had found evidence of zero-click spyware before, but this was the first time they could capture the exploit to find out how it works.
John Scott-Railton, senior researcher at Citizen Lab, said: "What this highlights is that chat apps are the soft underbelly of device security.
"They are ubiquitous, which makes them really attractive, so they are an increasingly common target for attackers. They need to be a major priority for security."
© DPA 2021