Apple iPhone users were rudely shocked earlier this year to learn how well NSO Group’s Pegasus spyware sniffed the iPhones of activists, lawyers and journalists. The general perception that the iPhone cannot be “hacked” has been challenged. This has become a public relations nightmare for Apple in advocating terms such as “safest” and “incorporated privacy” in iPhone marketing brochures.
Pegasus spyware exploits several vulnerabilities to perform “zero-click” attacks on iPhone using the latest software to steal personal information such as contacts, voice recordings, images and SMS. bottom. And the information was released only after Amnesty International and Citizen Lab published the same report.
Apple had to act swiftly to fix the privacy issue and its image. Within a few months, a Cupertino-based tech giant released an iOS 14.8 update to patch the vulnerability and prevent Pegasus from exploiting a known vulnerability. Apple described this update as a security fix for a “potentially aggressively exploited” vulnerability. At that time, it was not the name of Pegasus or its creator, NSO Group. Apple is currently suing NSO Group, so Pegasus and other spyware created by NSO Group will not break the iOS barrier again.
What Apple is doing to prevent Pegasus from spying on the iPhone again
Apple has filed a proceeding against NSO Group and its parent company for monitoring and targeting Apple users. Apple is not the first company to sue NSO Group. In fact, Facebook (now Meta) has already tried NSO Group for infringing WhatsApp privacy. It was also supported by Google and Microsoft.
While the proceedings are primarily aimed at holding NSO Group accountable, Apple “also seeks a permanent injunction banning NSO Group from using Apple’s software, services, or devices.” If the proceedings rule in favor of Apple, NSO Group should ideally have no official access to Apple’s ecosystem.
Apple explains that Pegasus may have attacked the iPhone
Apple has provided new information on how NSO Group can use the FORCEDENTRY exploit to compromise the security of Apple devices. The exploit has been patched. To deliver FORCEDENTRY to Apple devices, the attacker created an Apple ID and sent malicious data to the victim’s device. This allows NSO Group or its clients to distribute and install Pegasus spyware without the victim’s knowledge. Apple claims that the server has not been hacked or compromised in an attack.
According to Apple, the new iOS 15 software for iPhone includes many new security protections, including a major upgrade to the BlastDoor security mechanism. Apple uses Pointer Authorization Code (PAC), BlastDoor, and Page Protection Layer (PPL) to protect users from these “advanced attacks.”
“Although NSO Group’s spyware continues to evolve, Apple has not observed evidence of successful remote attacks on devices running iOS 15 or later,” Apple said. The company also urged all users to update their iPhones.
How Apple wants to make sure Pegasus can’t spy on your iPhone again
Source link How Apple wants to make sure Pegasus can’t spy on your iPhone again