Apple rushes to stop ‘zero-click’ spyware on iPhone


Apple has released a software update to prevent “zero-click” spyware from infecting iPhones and iPads.

The issue, which allows hackers to access devices via the iMessage service even if users do not click on a link or file, was discovered by independent researchers.

According to the researchers, the issue impacts all of the technology giant’s operating systems. The security update was released in response to a “maliciously designed” PDF file, according to Apple.

The Citizen Lab at the University of Toronto had previously discovered evidence of zero-click malware, but “this is the first one where the exploit has been captured so we can figure out how it works,” according to researcher Bill Marczak.

The previously undiscovered vulnerability, according to the researchers, affects all key Apple devices, including iPhones, Macs, and Apple Watches.

Citizen Lab also claimed that the security flaw was used to install spyware on a Saudi activist’s iPhone and that it had high confidence that the attack was carried out by the Israeli hacker-for-hire outfit NSO Group.

In a statement to the Reuters news agency, NSO neither confirmed nor denied that it was behind the malware, saying simply that it would “continue to support intelligence and law enforcement organisations throughout the world with life-saving technologies to fight terror and crime.”

Although the revelation is significant, security experts say that most owners of Apple devices need not be alarmed because such attacks are usually highly targeted.

After learning of a report that the bug “may have been actively exploited,” Apple deployed the iOS 14.8 and iPadOS 14.8 software updates, according to a blog post.

The news came as the tech giant was preparing to reveal new devices at its annual launch event on Tuesday. Apple is likely to announce new iPhones, as well as improvements to its AirPods and Apple Watch.
