According to reports, the vulnerability was discovered by tech research firm Citizen Labs and is described as a “zero-day zero-click exploit” that affects a whole host of Apple devices that run on iOS, macOS and watchOS. The researchers found it while looking through an iPhone owned by a Saudi Arabian activist that was known to be infected by a spyware program from Israel’s NSO Group, who created Pegasus.
“This spyware can do everything an iPhone user can do on their device and more,” said Citizen Labs senior researcher John Scott-Railton. Since the discovery, Apple has responded with an emergency update for all affected devices on Monday, also pointing out that it was “aware of a report that this issue may have been actively exploited” in the update notes.
“We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly,” said Ivan Krstić, head of security engineering and architecture at Apple. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
While not directly commenting on the new attack, the Israeli spyware company said on Monday that ”NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
In other Apple-related news, the tech company says motorcycle engines can damage your iPhone camera permanently through powerful vibrations.