Apple has released an emergency software update to address a previously unknown vulnerability in its iOS code that allowed the Israeli NSO Group to remotely inject its Pegasus spyware onto iPhones and iPads. The vulnerability, known as a zero-day, enabled NSO customers, including Saudi Arabia, Rwanda, and Mexico, to hide code within images sent via iMessage, allowing the Pegasus spyware to take control of a device.

Pegasus is a military-grade spyware that can bypass encryption and access encrypted messages, activate the camera and microphone remotely, and track the location of the device. NSO has been linked to human rights abuses in several countries, resulting in the company being blacklisted by the US Department of Commerce. The software update also addresses a vulnerability in the Apple Wallet, where payment cards are stored.

This patch is part of an ongoing battle between tech companies and spyware manufacturers, many of which are based in Israel. These manufacturers exploit unknown vulnerabilities in smartphones for government agencies to conduct surveillance without detection. NSO has claimed that its product is meant to be used for monitoring potential terrorists and fighting organized crime.

The vulnerability was discovered by the University of Toronto’s Citizen Lab, which found it on the phone of an employee of a civil society organization. Citizen Lab has previously linked the Pegasus spyware to hundreds of dissidents, journalists, lawyers, and opposition leaders in countries with poor human rights records. Enabling Lockdown Mode on iPhones can block these types of breaches and severely restrict certain functions.

The discovery of this latest vulnerability highlights NSO’s ability to find weaknesses in sophisticated operating systems despite financial difficulties caused by US government sanctions. NSO, staffed by former members of the Israeli army’s signals intelligence units, is currently facing a lawsuit from WhatsApp and other tech giants over the use of its spyware.

In recent weeks, multiple individuals, including a political reporter for the Daily Mail, received notifications from Apple indicating that their devices had been targeted by “state actors.” It is unclear whether these attacks were carried out by NSO or its competitors.

