Tech giant Apple Inc. on Thursday issued an update for all its devices after Citizen Lab, a cybersecurity research unit, found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware.
Citizen Lab, a Canadian security organization at the University of Toronto, warned that the exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim. Lab immediately disclosed our findings to Apple and assisted in their investigation.
“We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode,” the group’s statement on Friday read.
Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that is designed to be covertly and remotely installed on mobile phones running iOS and Android. Several reports have exposed that Pegasus is used to target journalists, human rights activists and even global leaders.
“Apple’s update will secure devices belonging to regular users, companies, and governments around the globe. The BLASTPASS discovery highlights the incredible value to our collective cybersecurity of supporting civil society organizations,” the statement added.
