Apple has patched a vulnerability in its operating systems that allowed users of Pegasus spyware to secretly run programs on other people’s devices, Apple and the Citizen Lab cybersecurity group said. Updates have been released for iOS, iPadOS, watchOS, and macOS starting with Catalina.
Citizen Lab identified the vulnerability during an analysis of a hacked phone belonging to a Saudi Arabian activist. The virus that used it spread through iMessage and did not require any action on the part of the user to work. Apple specifies that it is enough to send a specially crafted PDF file to infect it. In addition to the vulnerability identified by Citizen Lab, new versions of iOS and iPadOS fix a similar issue in the web content rendering engine.
The update came on the eve of Apple’s presentation, which is expected to showcase new iPhone phone and Apple Watch models. The new devices will presumably run on newer versions of iOS and watchOS.
Pegasus is software from the Israeli company NSO Group. In July, foreign media outlets, following a joint investigation, reported that several governments were using it to spy on journalists, activists and politicians. Pavel Durov, founder of the VKontakte social network and the Telegram messenger, confirmed that one of his phones was included in the list of potential surveillance targets.
About the scandal with Pegasus – in the material “Kommersant FM” “Special services caught on the surveillance.”