(Bloomberg) — Apple Inc. Monday patched a security flaw in its Messages app across all of its major devices that the company says was actively exploited by Israel-based NSO Group.
The flaw, disclosed Monday by Citizen Lab, allowed a hacker using NSO’s malware Pegasus to gain access to a device owned by a Saudi activist, according to security researchers. Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciously crafted” PDF file.
The malware didn’t require victims to engage with the file. Receiving it was enough to infect their devices, according to a report released by Citizen Lab, a cyber research unit of the University of Toronto.
“Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker said on its website.
Apple is patching the bug on the iPhone, iPad, Mac, and Apple Watch via iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 software updates. The software releases came the day before Apple’s Sept. 14 product launch event, which will likely spur the release of iOS 15, Apple’s next major software update that will contain additional security protections.
NSO Group Chief Executive Officer Shalev Hulio didn’t immediately respond to a request for comment.
More stories like this are available on bloomberg.com
©2021 Bloomberg L.P.