Apple released a critical software patch to fix a security vulnerability that researchers said could allow hackers to directly infect iPhones and other Apple devices without any user action.
Researchers at the University of Toronto's Citizen Lab said the security issue was exploited to plant spyware on a Saudi activist's iPhone. They said they had high confidence that the world's most infamous hacker-for-hire firm, Israel's NSO Group, was behind that attack.
The previously unknown vulnerability affected all major Apple devices -- iPhones, Macs and Apple Watches, the researchers said. NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting "terror and crime."
It was the first time a so-called "zero-click" exploit -- one that doesn't require users to click on suspect links or open infected files -- has been caught and analyzed, the researchers said. They found the malicious code on Sept. 7 and immediately alerted Apple. The targeted activist asked to remain anonymous, they said.
"We're not necessarily attributing this attack to the Saudi government," said researcher Bill Marczak.
Citizen Lab previously found evidence of zero-click exploits being used to hack into the phones of al-Jazeera journalists and other targets, but hasn't previously seen the malicious code itself.
Although security experts say that average iPhone, iPad and Mac user generally need not worry -- such attacks tend to be limited to specific targets -- the discovery still alarmed security professionals.
Malicious image files were transmitted to the activist's phone via the iMessage instant-messaging app before it was hacked with NSO's Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said. It was discovered during a second examination of the phone, which forensics showed had been infected in March. He said the malicious file causes devices to crash.
Citizen Lab says the case reveals, once again, that NSO Group is allowing its spyware to be used against ordinary civilians.
In a blog post, Apple said it was issuing a security update for iPhones and iPads because a "maliciously crafted" PDF file could lead to them being hacked. It said it was aware that the issue may have been exploited and cited Citizen Lab. Apple didn't immediately respond to questions regarding whether this was the first time it had patched a zero-click vulnerability.
Users should get alerts on their iPhones prompting them to update the phone's iOS software. Those who want to jump the gun can go into the phone settings, click "General" then "Software Update," and trigger the patch update directly.
Citizen Lab called the iMessage exploit FORCEDENTRY and said it was effective against Apple iOS, MacOS and WatchOS devices. It urged people to immediately install security updates.
Researcher John Scott-Railton said the news highlights the importance of securing popular messaging apps against such attacks. "Chat apps are increasingly becoming a major way that nation-states and mercenary hackers are gaining access to phones," he said. "And it's why it's so important that companies focus on making sure that they are as locked down as possible."
The researchers said it also undermines NSO Group's claims that it only sells its spyware to law enforcement officials for use against criminals and terrorists and audits its customers to ensure it's not abused.
"If Pegasus was only being used against criminals and terrorists, we never would have found this stuff," said Marczak.
Facebook's WhatsApp was also allegedly targeted by an NSO zero-click exploit In October 2019, Facebook sued NSO in U.S. federal court for allegedly targeting some 1,400 users of the encrypted messaging service with spyware.
In July, a global media consortium published a damning report on how clients of NSO Group have been spying for years on journalists, human rights activists, political dissidents -- and people close to them, with the hacker-for-hire group directly involved in the targeting. Amnesty International said it confirmed 37 successful Pegasus infections based on a leaked targeting list whose origin was not disclosed.
One involved the fiancee of Washington Post journalist Jamal Khashoggi, just four days after he was killed in the Saudi Consulate in Istanbul in 2018. The CIA attributed the murder to the Saudi government.
The recent revelations also prompted calls for an investigation into whether Hungary's right-wing government used Pegasus to secretly monitor critical journalists, lawyers and business figures. India's parliament also erupted in protests as opposition lawmakers accused Prime Minister Narendra Modi's government of using NSO Groups' product to spy on political opponents and others.
France is also trying to get to the bottom of allegations that President Emmanuel Macron and members of his government may have been targeted in 2019 by an unidentified Moroccan security service using Pegasus. Morocco, a key French ally, denied those reports and is taking legal action to counter allegations implicating the North African kingdom in the spyware scandal.
Luis Armando Albino was six years old in 1951 when he was abducted while playing at an Oakland, Calif., park. Now, more than seven decades later, Albino has been found thanks to help from an online ancestry test, old photos and newspaper clippings.
The prime minister's official itinerary says the interview will be shot during his trip to New York, where he is meeting with other world leaders ahead of the 78th gathering of the United Nations General Assembly.
An Edmonton man says he was in the wrong place at the wrong time when he was injured by members of the Edmonton Police Service last year.
Prime Minister Justin Trudeau told delegates at the United Nations the world is at a global inflection point, having a choice between walking away from multilateralism or setting differences aside to confront serious global challenges.
The brother of a 27-year-old man who was fatally shot in Scarborough over the weekend has been arrested and charged in connection with his death, say police.
Kate, the Princess of Wales, made her first public appearance Sunday since she announced she had completed chemotherapy and would return to some public duties.
Comedian John Mulaney and actor Olivia Munn now have a second child, a daughter named Mei June Mulaney.
The head of the Air Canada pilots union says she'll step down if members opt not to approve a tentative deal with the airline, raising the stakes as aviators mull whether to accept hefty salary gains or drive an even harder bargain.
The Royal Canadian Mint has introduced its latest Gold Maple Leaf bullion coin – made entirely from gold sourced from a single mine in northern Ontario
The Royal Canadian Mint has introduced its latest Gold Maple Leaf bullion coin – made entirely from gold sourced from a single mine in northern Ontario
Ontario's police watchdog has decided there are no grounds to believe Sudbury police committed a crime during a difficult arrest in May where the suspect's neck was broken.
The City of Calgary ended water restrictions for the city at a Sunday morning update.
The brother of a 27-year-old man who was fatally shot in Scarborough over the weekend has been arrested and charged in connection with his death, say police.
A man is facing numerous drug trafficking charges after Dufferin OPP seized a large assortment of drugs and weapons in Orangeville earlier this week.
Pasquale Monaco says he’s debating whether to keep renting out the two-bedroom basement apartment of the Montreal building he owns after it was flooded — again — in August, when the remnants of tropical storm Debby sent four feet of water rushing into the space.
North Carolina Lt. Gov. Mark Robinson avoided directly weighing in during a gubernatorial campaign event Saturday on a CNN report outlining evidence that he made disturbing posts on a pornography website's message board more than a decade ago.
An explosion in a coal mine in eastern Iran killed at least 33 workers and injured 17 others, officials said Sunday, marking one of the worst mining disasters in the country's history as others remained missing hours after the blast.
More than a year after the Titan submersible imploded, killing all five voyagers on board, the story of the ill-fated expedition to the Titanic has taken the form of a modern-day Greek tragedy overflowing with mortal pride and heedlessness.
In less than two months, Americans will go to the polls to choose their next president. But the process that translates those millions of votes into one seat in the Oval Office is much more complicated than a straight tally.
Donald Trump has long pledged to deport millions of people, but he's bringing more specifics to his current bid for the White House: invoking wartime powers, relying on like-minded governors and using the military.
At least two students at Gettysburg College in Pennsylvania have been suspended from the swim team after a report that a racial slur was scratched onto a student's body, officials said.
The prime minister's official itinerary says the interview will be shot during his trip to New York, where he is meeting with other world leaders ahead of the 78th gathering of the United Nations General Assembly.
Prime Minister Justin Trudeau is set to be in New York this week for the 78th meeting of the United Nations General Assembly and the Summit of the Future amid increasing geopolitical instability around the world.
A $2.14-billion federal loan for an Ottawa-based satellite operator has Canadian politicians arguing about whether American billionaire Elon Musk poses a national security risk.
Body mass index, a long-time tool used to measure a person's health, may soon be out the door as some health professionals push for a system they say is more accurate.
Infectious disease physician Dr. Isaac Bogoch says whooping cough is most risky for unvaccinated infants, children and older people.
A morning cup of coffee may do more than just perk you up, according to new research.
If something looks too good to be true, it might be. That's the message from Saskatchewan horticulturists after customers have come into their stores hoping to buy purple apple trees this month.
The owner of the shuttered Three Mile Island nuclear power plant said Friday that it plans to restart the reactor under a 20-year agreement that calls for tech giant Microsoft to buy the power to supply its data centers with carbon-free energy.
Lebanese authorities on Thursday banned walkie-talkies and pagers from being taken on flights from Beirut airport, the National News Agency reported, after thousands of such devices exploded during a deadly attack on Hezbollah this week.
Comedian John Mulaney and actor Olivia Munn now have a second child, a daughter named Mei June Mulaney.
Tim Burton's legacy sequel to the 1988 horror comedy topped the North American box office charts for a third
A Nova Scotian YouTuber has launched a mini-truck bookmobile.
The head of the Air Canada pilots union says she'll step down if members opt not to approve a tentative deal with the airline, raising the stakes as aviators mull whether to accept hefty salary gains or drive an even harder bargain.
It’s not easy going up against Canada’s banking oligopoly, but some are trying.
It is not a great time to be a coffee drinker. In general, coffee bean prices are the highest they've been in more than a decade.
Nick Kolomyja reckons axe throwing may have saved his life.
More than 2,200 zoo professionals from 23 different countries have gathered in Calgary for the annual Association of Zoos and Aquariums conference.
Tattoos are becoming more common in today's society and, as a result, appear to be more acceptable in the workplace than they used to be.
After Sunday's loss, the White Sox are 36-120 with six regular-season games to go in 2024.
The Winnipeg Blue Bombers have a nickname for the opposition’s end zone. They refer to it as the “chicken box.â€
Jonathan Aranda homered for the second consecutive game, helping Taj Bradley and the Tampa Bay Rays beat the Toronto Blue Jays 3-2 on Saturday.
Unifor says workers at General Motors' CAMI assembly plant and battery facility in southwestern Ontario have ratified a new collective agreement.
General Motors (GM) has issued a recall for 38,000 vehicles for safety risks related to a software glitch, Transport Canada reported in a notice on Wednesday.
Chechen leader Ramzan Kadyrov has accused Tesla CEO Elon Musk of 'remotely disabling' his Cybertruck, which had been sent to the frontline of Russia's war in Ukraine.
Cole Haas is more than just an avid fan of the F.W. Johnson Wildcats football team. He's a fixture on the sidelines, a source of encouragement, and a beloved member of the team.
Getting a photograph of a rainbow? Common. Getting a photo of a lightning strike? Rare. Getting a photo of both at the same time? Extremely rare, but it happened to a Manitoba photographer this week.
An anonymous business owner paid off the mortgage for a New Brunswick not-for-profit.
They say a dog is a man’s best friend. In the case of Darren Cropper, from Bonfield, Ont., his three-year-old Siberian husky and golden retriever mix named Bear literally saved his life.
A growing group of brides and wedding photographers from across the province say they have been taken for tens of thousands of dollars by a Barrie, Ont. wedding photographer.
Paleontologists from the Royal B.C. Museum have uncovered "a trove of extraordinary fossils" high in the mountains of northern B.C., the museum announced Thursday.
The search for a missing ancient 28-year-old chocolate donkey ended with a tragic discovery Wednesday.
The Royal Canadian Mounted Police is celebrating an important milestone in the organization's history: 50 years since the first women joined the force.
It's been a whirlwind of joyful events for a northern Ontario couple who just welcomed a baby into their family and won the $70 million Lotto Max jackpot last month.
One man is dead and another injured after a shooting in Langley Saturday evening that homicide investigators say is gang-related.
Anyone needing emergency care in a city in B.C.’s southern Interior will need to seek help elsewhere until Monday, as the latest ER closure in the region has shuttered the department’s doors for 25 hours.
The two top contenders in British Columbia's provincial election dove deep into the various issues plaguing the Metro Vancouver area on Sunday, in some cases hearing directly from those most affected.
The brother of a 27-year-old man who was fatally shot in Scarborough over the weekend has been arrested and charged in connection with his death, say police.
A driver and a motorcyclist are receiving treatment at the hospital after colliding on Sunday evening in north Etobicoke.
A young person riding a dirt bike has been taken to the hospital with serious injuries following a collision in Brampton, say paramedics.
The City of Calgary ended water restrictions for the city at a Sunday morning update.
Nearly 100 Inglewood residents rallied Saturday afternoon in a continuing effort to save the Inglewood Aquatic Centre.
Nick Kolomyja reckons axe throwing may have saved his life.
Thousands participated in the 17th annual Canada Army Run Sunday in the capital's downtown.
Police are looking to speak with a female who was a passenger in a stolen vehicle that was recovered early Saturday morning in Kanata.
It's been one year since Michael Andlauer took over ownership of the Ottawa Senators and on Saturday, he spoke for the first time about the tentative deal for a new arena at LeBreton Flats.
Provincial police (SQ) are looking for 29-year-old Kelsey Watt, who went missing in Hemmingford, Que.
Nearly 15,000 runners pounded the pavement on Sunday in the 32nd edition of Montreal’s Bereva Marathon.
Â鶹´«Ã½ Montreal at Six for Sunday, Sept. 22, 2024 with anchor Matt Gilmour.
An Edmonton man says he was in the wrong place at the wrong time when he was injured by members of the Edmonton Police Service last year.
One person is dead after an early morning crash in west Edmonton.
Edmonton Oilers head coach Kris Knoblauch was happy with his team’s start to exhibition play, especially considering not a single player in his lineup on Sunday played with the club during its lengthy recent playoff run.
Saint John Theatre Company’s “Waiting for Godot†stars former "Corner Gas" star Eric Peterson, and R.H. Thomson, known for his role in "Anne with an E."
A 76-year-old man who was reported missing Saturday in Annapolis District, N.S., has been found deceased.
The head of the Air Canada pilots union says she'll step down if members opt not to approve a tentative deal with the airline, raising the stakes as aviators mull whether to accept hefty salary gains or drive an even harder bargain.
Manitoba RCMP and community members are still feverishly searching for a six-year-old boy who went missing five days ago.
Winnipeg police called in the bomb unit Saturday night after a suspicious item was found in a Centennial neighbourhood back lane.
While slang may come and go, experts say the phenomenon behind them, which constantly churns out brand-new bon mots, is as old as language itself.
The Philippine Association of Saskatchewan welcomed all newcomers to Regina on Sunday during its third annual Kabayan event.
Fire officials are investigating after a fire completely destroyed the community fridge in the Cathedral neighbourhood.
The last two months after losing her daughter Bella have been extremely difficult for Kyla Thomson.
Brantford, Ont. residents were met with an unexpected sight on Saturday evening as a suspected funnel cloud appeared in the skies above the city.
Police were called to a business in the area of University Avenue East and Weber Street North at around 10:40 p.m. Saturday for a report of a man attempting to stab another man.
Police said the pedestrian, a 52-year-old man, was taken to an out-of-region hospital with life-threatening injuries and the driver of the vehicle failed to remain at the scene.
A 14-year-old girl from Flying Dust First Nation was killed after a high-speed ATV struck a ditch near Meadow Lake.
The 75-year-old building, formerly the Waskesiu Chamber of Commerce building, was relocated to the Parks Canada compound on the edge of the townsite.
A 53-year-old woman from north Vancouver, B.C. was killed after a semi and truck collided on Highway 16 near Dafoe.
There were no injuries reported after a fired damaged a home on Regent Street near Douglas Street in Greater Sudbury’s west end on Sunday morning.
Prime Minister Justin Trudeau told delegates at the United Nations the world is at a global inflection point, having a choice between walking away from multilateralism or setting differences aside to confront serious global challenges.
Ontario’s police watchdog is investigating after an Ontario Provincial Police officer discharged his firearm at a 36-year-old man in near Moonbeam, Ont., on Friday night.
The identity of a motorcyclist has been revealed by loved ones on social media following Friday’s fatal south end collision in London. The London Police Service has not released anything regarding the driver’s identity.
The most popular hockey podcasters on the planet brought some major attention to the Forest City this weekend with the annual Chiclets Cup.
Wage increases, new paid holidays and a big signing bonus are part of the new contract for CAMI employees in Ingersoll, Ont.
One man is in police custody after fabricating a story to police and reporting his vehicle was stolen.
Fire crews worked to extinguish a fire at a tent encampment in Barrie on Sunday.
A year after being recognized as one of 19 ‘Bee Campuses’ by Bee City Canada, Georgian College continues to promote the importance of bees to agriculture, the economy and education.
As the City of Windsor celebrates the first east-end edition of its popular Open Streets event, officials say it likely won't be the last.
Essex-Windsor Emergency Medical Services (EMS) is reporting that it’s above the provincial target for sudden cardiac arrest response times.
The Amherstburg Uncommon Festival is living up to its name with the addition of a drone light show — a first for Essex County.
Work crews have been busy in the British Columbia legislature over the summer, prying apart desks in the historic chamber and piling them up in hallways as they tried to work out how to fit in six more seats.
The two top contenders in British Columbia's provincial election dove deep into the various issues plaguing the Metro Vancouver area on Sunday, in some cases hearing directly from those most affected.
A Victoria woman is now $1 million richer after winning a Maxmillions prize on a recent Lotto Max Draw.
A pair of runaway pigs are in the custody of an animal sanctuary in the Okanagan after evading police and volunteers for hours earlier this week.
The Red Bridge, a historic landmark in Kamloops, B.C., was completely destroyed by fire early Thursday morning.
Animal protection officers in British Columbia have rescued three pit bulls – including one that gave birth to 10 puppies – from a rat-infested home in Kelowna.
Despite the heavy rain, plenty of muscle turned up for United Way’s annual Pull the Bus fundraiser in Lethbridge Friday.
Lethbridge County has rescinded its fire restriction as a result of the recent cool, wet weathr.
The Lethbridge Hurricanes kicked off the 2024-25 season on a winning note Friday night, defeating the Edmonton Oil Kings 3-1 in a game played at VisitLethbridge.com Arena.
The Royal Canadian Mint has introduced its latest Gold Maple Leaf bullion coin – made entirely from gold sourced from a single mine in northern Ontario
A northern Ontario man is facing a $12,000 fine after illegally shooting a moose near the Batchawan River.
Following an outbreak of COVID-19 on its continuing care floor and just ahead of the flu season, St. Joseph’s General Hospital in Elliot Lake has opted to re-introduce a universal masking policy until further notice.
Newfoundland and Labrador sponsored a minor football team in England, now they’re about to play one of the biggest clubs in European soccer.
Newfoundland and Labrador's chief medical officer is monitoring the rise of whooping cough infections across the province as cases of the highly contagious disease continue to grow across Canada.
A 16-year-old biennial event aimed at fostering business in the country's eastern Arctic and northern regions has been cancelled indefinitely as a dispute unfolds between Inuit in Canada and a Labrador group claiming to share their heritage.
The Shopping Trends team is independent of the journalists at Â鶹´«Ã½. We may earn a commission when you use our links to shop. Read about us.
