Apple Releases Updates To Stop NSO Group Exploits That You Should Install Immediately

Yesterday Apple dropped a series of updates to stop exploits that were being used by the NSO Group to spy on targets such as human rights activists. If you value your security, you should ensure that you’re running the following Apple software:

  • iOS/iPadOS 14.8
  • watchOS 7.6.2
  • macOS 11.6

Those versions fix one or both of these vulnerabilities. This is taken from the iOS/iPadOS security page:

One of these exploits was discovered by The Citizen Lab at the University of Toronto, which has found other exploits used by the NSO Group in the past. They have a very detailed write-up on these exploits, and it’s very much worth reading. But the key thing that you need to know is that these exploits allow the NSO Group to install its Pegasus spyware without user interaction. That makes it a “zero click” exploit, which is the most dangerous type out there, as you don’t have to do anything to get pwned.

Now, while it is very unlikely that you’re a target of the NSO Group, installing these updates ensures that bad actors can’t threaten your security. I say that because now that these updates are out there, it is highly likely that bad actors will try to exploit these vulnerabilities on older versions of Apple’s software, assuming that they haven’t already. Thus it’s once again time to patch all the things.
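As an added example (not part of the original post, and not Apple’s or Citizen Lab’s code), here is a small POSIX shell check that compares an installed version string against the minimum versions listed above. The minimum-version table is taken from the post’s list; the function names are my own, and `sw_vers -productVersion` is the standard macOS command for reading the installed OS version. The comparison is numeric per component rather than a plain string compare, so 11.10 correctly ranks above 11.9 and a short version such as 11 ranks below 11.0.1; fed an inventory export, the same function works for iOS and watchOS entries.

```shell
#!/bin/sh
# Added example: check an installed version against the minimum versions the post lists.

# version_ge CURRENT MINIMUM -> exit status 0 when CURRENT >= MINIMUM,
# comparing each dotted component numerically (missing components count as 0).
version_ge() {
    awk -v cur="$1" -v min="$2" 'BEGIN {
        nc = split(cur, c, ".")
        nm = split(min, m, ".")
        n = (nc > nm) ? nc : nm
        for (i = 1; i <= n; i++) {
            a = (i <= nc) ? c[i] + 0 : 0
            b = (i <= nm) ? m[i] + 0 : 0
            if (a > b) exit 0
            if (a < b) exit 1
        }
        exit 0
    }'
}

# required_version PLATFORM -> prints the minimum patched version from the post.
required_version() {
    case "$1" in
        iOS|iPadOS) echo "14.8" ;;
        watchOS)    echo "7.6.2" ;;
        macOS)      echo "11.6" ;;
        *)          echo "unknown platform: $1" >&2; return 2 ;;
    esac
}

# patch_status PLATFORM INSTALLED -> prints a verdict; exit 0 = patched, 1 = needs update.
patch_status() {
    platform="$1"; installed="$2"
    min=$(required_version "$platform") || return 2
    if version_ge "$installed" "$min"; then
        printf '%s %s: patched (minimum %s)\n' "$platform" "$installed" "$min"
        return 0
    fi
    printf '%s %s: NEEDS UPDATE (minimum %s)\n' "$platform" "$installed" "$min"
    return 1
}

# Stand-alone run: on a Mac read the real version via sw_vers; elsewhere fall back
# to a constructed sample value so the script still demonstrates the check.
if command -v sw_vers >/dev/null 2>&1; then
    current=$(sw_vers -productVersion)
else
    current="11.5.2"   # constructed sample, not taken from any real host
fi
patch_status macOS "$current" || :
```

The exit status of `patch_status` is what a fleet script would key on; the printed line is only for a human reading the output.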

UPDATE: Toby Lewis, Global Head of Threat Analysis at Darktrace, had these comments:

How Pegasus is getting inside the phones:

Pegasus will use a range of exploits to gain access to a device and can be somewhat tailored to the target or attack campaign. Fundamentally, they have access to a range of iOS (Apple) and Android vulnerabilities that would allow them to exploit a range of native applications (i.e., applications that came pre-installed on the devices), often by just trying to open a file sent in an email or over text message; or clicking on a link that opens in Safari (for example). The exploits allow them to jailbreak the device, give them elevated privileges to install additional applications, or configure the device however the attacker wants – including installing the spyware component of Pegasus.

Pegasus spyware can record texts, emails, and phone calls and share them with the NSO Group’s clients. It can also turn on devices’ cameras and microphones. Exploits like these are highly sophisticated and often target specific individuals like intelligence agents, reporters, etc., who have highly classified or confidential information. For high-priority targets, hackers will always find a way. While these attacks are not a threat to most Apple users, increased cyber-criminal adoption could be a severe issue. For example, criminal attackers could use the access to steal personal data for bigger campaigns, fraud, theft, and potentially even mass user lockout to ask for payment. Once bad actors make spyware, it can be sold and proliferate quickly globally. If it gets into the wrong hands, it will absolutely be used nefariously and potentially to a broader group of targets.

There are also some good details on the “FORCEDENTRY” exploit directly from the researchers: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

Thoughts on Apple’s history of protecting users against spyware: Why do you think it’s something that’s still a problem? How do they compare to similar companies such as Google (Android) in terms of cybersecurity and privacy?

Cyber-attackers will always target companies like Apple, given the proliferation of their technology and how critical it has become to everything we do. From navigating with maps to accessing our bank accounts, our lives depend on these devices. From a security architecture perspective, Apple has long operated a so-called “Walled Garden” where the underlying Operating System on the phone is completely inaccessible to any third-party applications, which can only be installed via the official App Store and are themselves installed and run from a compartmentalized area of storage and processing. With the high degree of vetting for applications in the App Store, the only real way for malware to become installed on an Apple device is by exploiting the underlying operating system – the process known as Jailbreaking.

Android’s architecture has been a much more open affair, on the one hand giving users greater freedom to install whatever applications they like, but without the protections afforded by Apple. Even via the official App Store (Google Play), there is only limited vetting and moderation, increasing the risk of malware being installed without the need for a clever exploit.

Overall, Apple has a great track record of working with researchers to identify exploits so they can quickly patch. But that doesn’t mean the zero-day hadn’t already been exploited in the wild before it was identified. The research group who discovered the exploit found it in March while examining a Saudi activist’s phone. Apple issued a patch in September.

Additional background/industry context:

It is crucial for everyone to immediately update their Apple devices, especially if you access proprietary information. While most people aren’t likely to be targeted, better to be safe than sorry. We must accept that all technology introduces security risks. At-risk sectors should take additional precautions to protect their communications through additional layers of defense. Self-learning AI has made leaps and bounds in allowing organizations to detect malware and spyware on employee devices before sensitive information leaks out of the organization.
