Last month, Apple filed a lawsuit against NSO Group to "hold it accountable" for state-sponsored spyware targeting Apple users. Apple also said it would contribute $10 million to organizations pursuing cybersurveillance research and advocacy.
Apple said NSO Group's "spyware product" Pegasus was used to attack a "very small number of users" across multiple platforms, including iOS and Android.
Apple's legal complaint provides new information on NSO Group's FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim's Apple device and install the latest version of NSO Group's spyware product, Pegasus. […]In a support document, Apple said it would notify users who may have been targeted by email and iMessage "in accordance with industry best practices."
To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim's device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim's knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks.
If Apple discovers activity consistent with a state-sponsored attack, we notify the targeted users in two ways:"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability," said Apple's software engineering chief Craig Federighi. "That needs to change."
- A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
- Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user's Apple ID.
These notifications provide additional steps that notified users can take to help protect their devices.
This article, "Apple Reportedly Notified Some U.S. State Department Employees They May Have Been Targeted by NSO Group Spyware" first appeared on MacRumors.com
Discuss this article in our forums
0 Commentaires