banner
Nov 24, 2021
17 Views
0 0

Apple sues spyware-maker NSO Group, notifies iOS exploit targets

Written by
banner

Apple sues spyware-maker NSO Group, notifies iOS exploit targets
Over nine million Android devices infected by info-stealing trojan
Exploit released for Microsoft Exchange RCE bug, patch now
Malware now trying to exploit new Windows Installer zero-day
Windows 10 KB5007253 update released with network printing fixes
Black Friday Deal: Emsisoft Anti-malware on 3-devices for price of 1
Germany to force ISPs to give discounts for slow Internet speeds
Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
Apple sues spyware-maker NSO Group, notifies iOS exploit targets
Apple has filed a lawsuit against Pegasus spyware-maker NSO Group and its parent company for the targeting and spying of Apple users with surveillance tech.
The company says the state-sponsored attacks that used NSO’s spyware only targeted “a very small number” of individuals, across multiple platforms, including iOS and Android.
The exploits used to deploy NSO Group’s Pegasus spyware were used to hack and compromise the devices of high-profile targets such as government officials, diplomats, activists, dissidents, academics, and journalists worldwide.
For instance, NSO’s FORCEDENTRY exploit was used by state-backed attackers to break into Apple devices to install the latest version of Pegasus spyware, as revealed by the Citizen Lab in August.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering.
“At Apple, we are always working to defend our users against even the most complex cyberattacks,” added Ivan Krstić, head of Apple Security Engineering and Architecture.
“The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place.”
Defendants are notorious hackers—amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse. They design, develop, sell, deliver, deploy, operate, and maintain offensive and destructive malware and spyware products and services that have been used to target, attack, and harm Apple users, Apple products, and Apple. For their own commercial gain, they enable their customers to abuse those products and services to target individuals including government officials, journalists, businesspeople, activists, academics, and even U.S. citizens. — Apple’s complaint
“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” Apple added.
Apple also said it’s notifying all the users it discovered to have been targeted by attackers using the FORCEDENTRY exploit.
The company added that it will alert other users who will be targeted in state-sponsored spyware attacks in the future, “in accordance with industry best practices.”
Apple will also contribute $10 million to organizations involved in cyber-surveillance research and advocacy, as well as any damages from this lawsuit.
Two years ago, Facebook also sued NSO Group for creating and selling a WhatsApp zero-day exploit used to infect devices belonging to high-profile targets, including government officials, diplomats, and journalists.
Key detail from the @Apple v NSO lawsuit: the spyware company doesn’t just hack *phone handsets*

Their core biz & exploitation activity includes constant flagrant abuse of services & clouds.

Like Apple’s iCloud servers.

Side effect: makes Apple’s lawsuit a lot stronger. pic.twitter.com/eZvYz4T3oi
The FORCEDENTRY attacks Apple sued the spyware company for today are part of a long string of reports documenting NSO Group’s Pegasus spyware being used to spy on journalists and human rights defenders (HRDs) around the world.
Pegasus, NSO Group’s spyware tool, is marketed by the company as surveillance software “licensed to legitimate government agencies for the sole purpose of investigating crime and terror.”
Citizen Lab revealed in 2018 they discovered some Pegasus licensees using the spyware for cross-border surveillance in countries with state security services with a history of abusive behavior.
Amnesty International and non-profit project Forbidden Stories also said in a separate July report that NSO Group’s spying tools were deployed on iPhones running Apple’s latest iOS release with the help of zero-click iMessage exploits targeting multiple iOS zero-days.
“While NSO Group spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions,” Apple said today.
“Apple urges all users to update their iPhone and always use the latest software.”
FinFisher malware hijacks Windows Boot Manager with UEFI bootkit
Ukraine arrests ‘Phoenix’ hackers behind Apple phishing attacks
Get 12 popular Mac apps for $18 with this limited edition bundle
Surveillance firm pays $1 million fine after ‘spy van’ scandal
Fake end-to-end encrypted chat app distributes Android spyware
Even if they succeed in this suit the practice will not stop, it will just push it underground. Then there will be absolutely zero visibility or accountability for those who make and sell tools like these.
Not a member yet? Register Now
Over nine million Android devices infected by info-stealing trojan
New Windows zero-day with public exploit lets you become an admin
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

Article Categories:
Cybersecurity News
banner

Comments are closed.