IT should immediately update all enterprise Apple devices with an essential security update to defend against an insidious NSO Group zero-click attack. Credit: Thinkstock Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group. Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.” What is this attack and what does it do? This attack, which is being used to deliver NSO Group’s Pegasus mercenary spyware, is deeply concerning as it can compromise iPhones running iOS 16.6 without requiring any interaction from the victim. The researchers explained the exploit involved PassKit attachments containing malicious images sent via iMessage. The victim wasn’t even required to look at this image. What happened next? Citizen Lab alerted Apple to the attack and the company swiftly published a security update for all its devices to protect against it. Both companies confirm Lockdown Mode will secure devices against such attack. What Apple says Apple published support notes detailing the content of the latest security updates. Warning that these attacks may already be actively exploited, these reveal that “processing a maliciously crafted image may lead to arbitrary code execution,” and that this attack was also viable against Wallet. “We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance,” Apple said. Here’s mbout the security content of macOS Ventura 13.5.2 Here’s more about the security content of iOS 16.6.1 and iPadOS 16.6.1 What Citizen Lab says “In this critical time for the future of democracy, the out-of-control mercenary spyware industry is directly undermining our core shared values, security and human rights,” Citizen Labs Senior Researcher John Scott-Railton warned the US House Intelligence Committee last July. “Once more, civil society, is serving as the cybersecurity early warning system for…billions of devices around the world,” he subsequently warned on the latest attack. These attacks are proliferating, the number of companies launching them is increasing, and researchers believe it is inevitable these dangerous exploits will eventually be used by criminals, threatening every aspect of civil society. What this means for IT There is a security war that must be fought. Apple has already patched 13 actively exploited zero-day vulnerabilities so far this year. The time for complacency with Apple security is gone. With this in mind, it’s important to adopt a less casual stance to device security. Individuals must be extremely sensitive to slight changes in device behavior, should be prepared to change passwords more frequently and should certainly think twice before leaving devices unattended or making use of public Wi-Fi. Take sensible precautions, use tough passcodes, and don’t click links from people you don’t know. IT should accelerate testing when important security updates of this kind appear, as these exploits are quite clearly being used relatively indiscriminately in the wild. If you use a device management service at your company, it will be good practice to schedule installation of software updates as frequently as company policy permits. Make no mistake, this is war The mercenaries who create and profit from these attacks like to claim they only work for legitimate governments. If that’s the case, it is strange that civil society advocates across the planet are regularly being targeted. In other words, far from being found in action against a criminal or military target, this particular attack was being made against someone fighting for civil rights in some way. That is not at all reassuring. Particularly in light of a recent investigation by the Polish government, which found “gross violations of constitutional standards” when the NSO Group’s Pegasus surveillance software was used against opposition leaders. These clearly aren’t the good guys they pretend to be. These attacks threaten us all In general, such attacks are described as being more likely to take place against high-value targets, as they can be costly to mount. But it is inevitable that attacks of this kind will proliferate and enter the realm of mainstream digital criminality. It is essential this egregious and amoral sham “industry” is bought to heel. Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Related content news analysis EU commissioner slams Apple Intelligence delay Margrethe Vestager, Europe's chief gatekeeper, takes a shot at Apple's decision to delay rolling out the company's AI. By Jonny Evans Jun 28, 2024 7 mins Regulation Apple Generative AI news Hexnode CEO: Enterprises must get ready for app sideloading As iOS app sideloading unfurls in Europe, companies all need to figure out how to protect themselves, said Hexnode CEO Apu Pavithran. By Jonny Evans Jun 27, 2024 5 mins Apple App Store Enterprise Mobile Management Mobile Device Management news analysis OpenAI brings its ChatGPT app to all Mac users You no longer need to pay to use the ChatGPT app on an Apple Silicon Mac. By Jonny Evans Jun 26, 2024 4 mins Mac Chatbots Apple opinion Why Apple is now in the server market It's not just about security, it's also about scale and efficiency. By Jonny Evans Jun 25, 2024 5 mins Apple CPUs and Processors Generative AI Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe