Apple issued emergency software updates for a critical vulnerability in its products on Monday (September 13) after independent researchers discovered a flaw that makes numerous products vulnerable to highly invasive spyware.
The New York Times reports Apple's security team has been working to address the issue ever since researchers at the University of Toronto's cybersecurity watchdog organization Citizen Lab discovered a Saudi activist's iPhone was infected by highly invasive spyware from Israel's NSO Group last Tuesday (September 7).
The spyware, known as 'Pegasus,' uses a novel method known as a 'zero click remote exploit' to invisibly infect Apple devices -- including the iPhone, iPad, Apple Watch or Mac computer -- without the person knowing.
Researchers said the tactic is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to hack into the devices without the victim ever being made aware of the incident.
Pegasus can turn on a user's camera and microphone, record messages, texts, emails calls and send information back to NSO's clients and government officials worldwide by using a zero-click infection method, according to the New York Times.
“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who worked alongside Bill Marczak, a senior researcher at Citizen Lab, in response to the spyware flaw.
Researchers believe more than 1.65 billion Apple products could have been vulnerable to the spyware since at least March 2021.
The discovery is the latest in the cybersecurity arms race as governments have paid large amounts to spy on digital communications and tech companies, human rights activists and others have responded to address the issues.