APPLE issued an emergency software update after a huge security breach was found to allow iPhones to be hacked without any user action.
Researchers discovered that a flaw in the system allowed spyware to be downloaded from a hacker-for hire firm and directly infect an iPhone belonging to a Saudi activist.
3
3
Researchers at the University of Toronto’s Citizen Lab said the security vulnerability affected all operating systems under Apple, according to The Associated Press.
The researchers — who discovered the unwanted code on September 7 and immediately contacted Apple — said it was the first time a zero-click exploit had been identified and analyzed.
NSO Group, an Israeli company, is suspected to be behind the attack against the anonymous activist.
Bill Marczak, researcher, stated that the attack was not necessarily attributable to the Saudi government.
“Although Citizen Lab previously found evidence of zero-click exploits being used to hack into the phones of al-Jazeera journalists and other targets, this is the first one where the exploit has been captured so we can find out how it works.”
Marczak explains that malicious image files were transferred to the victim’s phone through the iMessage instant-messaging app before the device was hacked with NSO’s Pegasus spyware.
Marczak explained that spyware can be used to remotely steal data and eavesdrop on phones.
According to an Apple blog post, a security update is being issued for iPhones and iPad’s after a “maliciously crafted” PDF or web content could result in them getting hacked.
John Scott-Railton, researcher, stated that this type of hacking is a sign how critical it is to secure messaging apps.
Chat apps are becoming an increasingly important way for hackers to gain access to phones.
“And it’s why it’s so important that companies focus on making sure that they are as locked down as possible.”
On September 13, 2021, Apple released updates for iOS 14.8 and iPadOS 14.8 — both of which explain CoreGraphics and WebKit vulnerabilities.
Just a few months ago, experts warned of a new serious threat to privacy on smartphones and data security. Hackers used tricks such as missed calls to control devices.
Victims may be completely unaware that they were exposed to the hack and never even notice there is suspicious behavior on their phones.
The cyberattack uses a technique known as a zero-click hack which does not require the victim to click on an encrypted link to be caught.
This hack is not dependent on the victim taking any action. It can be done without the victim having to click on an encrypted link.
The zero-click hack instead takes advantage of flaws in your device.
These flaws are used to bypass the data verification required to gain access to a phone.
3
We pay for your stories!
Are you a journalist for The US Sun?