Apple Inc (NASDAQ AAPL) has issued an update to patch a security vulnerability that affected its iPhone, iPad, and Apple Watch devices.
What Happened: The update was issued after security researchers from the University of Toronto’s Citizen Lab found an exploit they are calling “FORCEDENTRY.”
The exploit targets Apple’s image rendering library and was effective against iOS, Mac OS and WatchOS devices, as per a Citizen Lab statement, first noted on BBC.
“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021,” the researchers said.
Why It Matters: Citizen Lab said they examined the phone of an anonymous Saudi activist and determined that the person had been hacked with NSO Group’s Pegasus spyware.
Citizen Lab said that Israel’s NSO Group’s business model “contains the seeds of their ongoing unmasking.”
“Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations,” said Citizen Lab.
Meanwhile, Apple in its security bulletin acknowledged that the exploit processed a “maliciously crafted PDF may lead to arbitrary code execution.”
The Tim Cook-led company said it is “aware of a report that this issue may have been actively exploited.”
In December, it was revealed that the iPhone “Zero Click” vulnerability was exploited by the NSO Group to hack 3 dozen Al Jazeera Journalists. That revelation too came from Citizen Lab.
NSO Group is accused of helping the Saudi government in spying against the assassinated journalist Jamal Khashoggi, as per the New York Times.
Price Action: On Monday, Apple shares closed nearly 0.4% higher at $149.55 in the regular session.
© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.