Apple just released an update that patched two zero-day vulnerabilities. Citizen Lab, an internet group that investigates government malware, discovered a zero-click vulnerability. Zero click means that the hacker’s victim doesn’t have to click or tap anything for their device to be infected. So if this was not patched hackers could have produced mass chaos among Apple device users. According to Citizen Labs’s researchers, the vulnerability was used to deliver NSO Group’s Pegasus spyware. The attack chain was capable of compromising iPhone users without suspicion or interaction with the user. Citizen Lab immediately addressed their findings to Apple and the company quickly took action, releasing the update. Citizen Labs only mentions one vulnerability; however, the update consisted of two zero-day patches. We are to assume that Apple must have found the second one while investigating the first.
This is not the first and most definitely not the last time NSO Group an Israeli-based cyber firm will be battling against Apple. In 2021 Apple filed a lawsuit against them and its parent company OSY Techonologies for targeting US Apple users with their Pegasus software. The software works through both iPhone and Andriod giving the hacker access to messages, emails, and photos even allowing them to secretly record calls. The Pegasus software was revealed to be made and licensed to NSO Group and successfully used to compromise phones of journalists, government officials and human rights activists.