Apple Urges Customers to Update Software Upon Discovery of Highly Invasive Spyware

A highly invasive yet invisible spyware from Israel's NSO Group is believed to have been siphoning data from Apple devices for six months.

NSO Group spyware has been found in iPhones that belong to activists and political dissidents. ODD ANDERSEN/AFP via Getty Images

Apple is urging all users of iPhone, iPad, Apple Watch, Mac computer and other Apple devices to update their software to prevent a highly invasive yet invisible spyware from stealing your photos, messages and calls.

Apple issued emergency software updates on Monday to address the security issue after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a virus made by Israel’s NSO Group had infected some Apple devices without leaving any trace.

NSO Group sells spyware to governments around to the world to surveil targeted individuals such as terrorists and criminals.

The spyware in question, called Pegasus, used a novel method called “zero-click remote exploit” to invisibly access an Apple user’s full digital life without the victim’s knowledge. For example, it can turn on a user’s camera and microphone, record messages—including those sent via encrypted apps—and send them back to NSO’s clients.

“This spyware can do everything an iPhone user can do on their device and more,” John Scott-Railton, a senior researcher at Citizen Lab who worked on the findings, told The New York Times on Monday.

Apple customers are advised to install the newly released iOS 14.8, MacOS 11.6 and WatchOS 7.6.2. for the fix to take effect.

The emergency updates were released one day before Apple’s annual product reveal.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” Ivan Krstić, Apple’s head of security engineering and architecture, said in a statement on Monday.

Apple also plans to introduce new security defenses for iMessage in the next iOS 15 software update, expected later this year.

Citizen Lab’s researchers first learned about Pegasus in March a Saudi activist reported that his iPhone had been infected. They estimate that the spyware had been drawing data from Apple devices for at least six months.

NSO Group has said that it only does business with clients that meet strict human rights standards. But its spyware has been found in phones that belong to activists, dissidents, lawyers and doctors in countries like Saudi Arabia, the United Arab Emirates and Mexico, according to The New York Times.

In a statement on Monday, NSO Group said it “will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.” Apple Urges Customers to Update Software Upon Discovery of Highly Invasive Spyware