Apple issues round of updates to fix zero-day exploit


Apple has issued updates to its operating systems that fix a zero-day vulnerability related to an iMessage hack. The hack reportedly requires no user interaction and is linked to the NSO Group. Citizen Lab is credited with reporting the exploit, which it found while investigating the iPhone of a Saudi activist that it believed had been hacked with NSO’s spyware Pegasus.

Motherboard:

The researchers told Motherboard that they believe the attack was carried out by a customer of NSO, the infamous Israeli company that sells spyware to dozens of governments all over the world. The hack relied on an unknown vulnerability—also known as a zero-day—in iMessage, which allowed the hackers to take over a target’s phone by sending them a message that was effectively invisible. These kinds of attacks are called zero-click exploits, as they don’t require the victim to click on anything.

Citizen Lab wrote in a blog post that it believes this zero-day has been in use since at least February of this year.

To address the exploit, Apple issued iOS 14.8, macOS 11.6, and watchOS 7.6.2. It's somewhat noteworthy that Apple released the update the day before it is expected to announce release dates for the next major revision of its operating systems. Apple previewed iOS 15, macOS 12 (Monterey), and watchOS 8 earlier this year at its Worldwide Developers Conference.