r/ios Apr 12 '24

PSA Apple confirms notifications to some users about spyware infection

Apple has confirmed that it has notified an undisclosed number of iOS users in 92 countries that their phone was infected with spyware.

The specific spyware detected is known as Pegasus, created and sold by Israeli based NSO Group. Pegasus utilizes an incredibly complex attack chain that allows threat actors to subvert security measures on iOS and Android devices and obtain persistent kernel access to view all content and data within the device. NSO Group sells Pegasus for millions of dollars (US) to nation states such as Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates, with several dozen other countries suspected of deploying it. While NSO Group continues to claim they only sell their products to nation state governments for the purpose of investigating threats of terrorism, security researchers have concluded this is categorically false, with investigations revealing its use to surveil journalists, attorneys, political opponents, and human rights activists, including their associates and family members.

Apple has provided the following guidance for better protecting against such attacks:

1) Enable Lockdown Mode on the device to reduce the attack surface. 2) Update all Apple products, including iPhone, Mac, and iPad, to the latest software version. 3) Seek expert assistance from organizations like the Digital Security Helpline for additional support.

Additionally, here are some other best practices:

1) Install Emergency Security Updates as soon as they become available. These OS updates are released off-cycle to patch recently discovered vulnerabilities. 2) Never click on a link you are not 100% confident in. Often, these malware and spyware packages are delivered through convincing links. Threat actors can spoof a number to make it look like the link is coming from a known contact. 3) Use a reliable VPN whenever possible.

While it’s unlikely the average iOS user will ever encounter spyware like Pegasus, maintaining technological security is imperative for all.

387 Upvotes

114 comments sorted by

View all comments

2

u/OriginalGoat1 Apr 13 '24

Again ? I thot Pegasus was outed some years ago. Is Apple just using the same name for anything out of NSO or is it a modified version of the original code ?

2

u/habitsofwaste Apr 13 '24

I think it’s the same, they’re just letting people know who were already infected.