Apple has put out a new security update to fix a flaw that caused a software breach for months, The Wall Street Journal (WSJ) reported Monday (Sept. 13).
NSO Group, an Israeli cybersecurity firm, has been exploiting a vulnerability to silently infect iPhones using iMessage since February, WSJ reported, citing research group Citizen Lab, which looks into cyberattacks on “journalists and dissidents.”
The intrusion was ominous to Citizen Lab because it was a “zero click” attack, referring to an attack in which the user doesn’t need to click a link or open a document to be attacked, according to the report.
John Scott-Railton, one of the Citizen Lab researchers, told WSJ that “anyone with iMessage” could be infected unknowingly. He added that the software was “rare and probably expensive,” and that it likely was developed with a substantial amount of work.
Apple didn’t say whether users had been protected from the attack. On its website, the tech giant published a note saying the company had addressed Citizen Lab’s reported issue, explaining it was “aware of a report that this issue may have been actively exploited,” per WSJ.
NSO Group sells hacking tools used by governments globally to perform surveillance duties, the report stated. An NSO spokesman said the group “will continue to provide intelligence and law enforcement agencies around the world with lifesaving technologies to fight terror and crime.”
Cybercrime has proliferated during the pandemic as the world moved largely online in haste as the virus descended. Several tech CEOs announced last month new plans to fight cybercrime, following a meeting with U.S. President Joe Biden in which he said the fact that much infrastructure is privately owned and operated means that partnerships between companies and the government would be needed.
Read more: Tech CEOs Vow to Fight Cybercrime With Billions Following Biden Meeting