Researchers from the prominent digital watchdog group, Citizen Lab, have uncovered a sophisticated spyware campaign linked to the Israeli technology company NSO. This clandestine operation exploited a previously unknown vulnerability in Apple devices, leaving users susceptible to covert surveillance. The implications of this discovery are far-reaching, raising concerns about the privacy and security of Apple’s vast user base.
The incident came to light when Citizen Lab was investigating the Apple device of an employee affiliated with a Washington-based civil society group. Their examination uncovered compelling evidence that the security flaw had been weaponised, infecting the device with NSO’s notorious Pegasus spyware. In a statement, Citizen Lab emphasised the importance of civil society organisations acting as early warning systems against these highly sophisticated cyber-attacks.
John Scott-Railton, a senior researcher at Citizen Lab, stated, “This shows that civil society is once again serving as the early warning system about really sophisticated attacks.” The organisation, headquartered at the University of Toronto’s Munk School of Global Affairs and Public Policy, is renowned for its tireless efforts in uncovering digital threats and advocating for digital rights.
One of the most alarming aspects of this revelation is the ease with which the vulnerability allowed attackers to compromise iPhones. Even devices running the latest version of iOS (16.6) were not immune, and the attack could be executed without any interaction from the victim. This highlights the sophistication of the exploit and underscores the urgency for users to update their devices promptly.
Apple, responding to Citizen Lab’s findings, promptly issued new updates aimed at patching the identified vulnerabilities. While an Apple spokesperson refrained from providing additional commentary on the matter, Citizen Lab urged consumers to ensure that their devices are running the latest security updates to safeguard against potential threats.
Conspicuously absent from the discourse was a statement from NSO, the Israeli firm linked to the spyware. The company has been the subject of international scrutiny and controversy, having been blacklisted by the US government since 2021 for alleged abuses that include the surveillance of government officials and journalists.
