Apple iOS 14.8 rolled out to fix zero-day flaw linked to Pegasus spyware

The spyware can infect devices without users clicking on any malicious message or link.

Apple has recently released iOS 14.8 to fix a security issue relating to the Pegasus spyware, which can potentially infect devices. The spyware can infect devices without users clicking on any malicious message or link.
What is the Pegasus scandal?
The Pegasus software from Israel firm NSO Group has been the subject of intense scrutiny in the past few days, ever since an international media investigation claimed that it was used to spy on journalists and human rights activists.

Apple Devices under the Threat from Pegasus

Researchers at Citizen Lab, a cybersecurity watchdog organisation in Canada, found the problem while analysing a Saudi activist’s phone. The phone had been compromised using a code. In a post, Citizen Lab wrote, "We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware."

It was in March that Citizen Lab examined the activist’s phone and determined that it was hacked with Pegasus spyware. The spyware was introduced through iMessage texting, and it did not require the phone user to click any link or message.

Sometime after releasing the fix, Apple said that it had "rapidly" developed the update, following Citizen Lab’s discovery of the spyware. "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.

Meanwhile, NSO did not dispute Pegasus had prompted the urgent software upgrade. It said in a statement that it would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."

“Zero-Click Exploit”

Pegasus has evolved since its discovery by Citizen Lab and cyber security firm called Lookout. Following a “zero-click exploit”, the spyware can now install itself into a phone without the user having to click any link. It then silently infects the device. Pegasus can then switch on a phone’s camera or microphone and harvest its data.

Amidst the recent controversy, a committee under Israel's Defense establishment will review NSO's business, including the process through which export licences are granted. NSO has insisted that its software is only intended for use in fighting terrorism and other similar crimes. The company sells their software to 45 different countries, and it is still looking to expand.

Web Title apple ios 14.8 rolled out to fix zero-day flaw linked to pegasus spyware
Oops... Seems you are offline