Apple Patches Up Devices In Response To The Exposure Of Yet Another NSO Group Exploit

from the soon-they-will-make-a-board-with-a-nail-so-big-it-will-destroy-them-all dept

Israeli digital arms merchant NSO Group continues to sell its malware to a wide variety of governments. The governments it sells to, which include a bunch of notorious human rights abusers, continue to use these exploits to target dissidents, activists, journalists, religious leaders, and political opponents. And the manufacturers of the devices exploited by governments to harm people these governments don’t like (NSO says “criminals and terrorists,” long-term customers say “eh, whoever”) continue to patch things up so these exploits no longer work.

The circle of life continues. No sooner had longtime critic/investigator of NSO Group’s exploits and activities — Citizen Lab — reported the Bahrain government was using “zero click” exploits to intercept communications and take control of targeted devices than a patch arrived. Apple, whose devices were compromised using an exploit Citizen Lab has dubbed FORCEDENTRY, has responded to the somewhat surprising and altogether disturbing news that NSO has developed yet another exploit that requires no target interaction at all to deploy.

Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers.

The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets — including the phone of a Saudi activist in March, researchers at Citizen Lab said.

The backdoor being closed involves a pretty clever trick of the trade. Since links require clicks and images don’t, the exploit utilizes a tainted gif to crash Apple’s image rendering library, which is then used to launch a second exploit that gives NSO customers control of these devices, allowing them to browse internal storage and eavesdrop on communications.

It’s not the first time NSO has developed a zero-click exploit that affects iOS devices. It’s just the latest exposed by Citizen Lab’s incredible investigation efforts. Thanks to Citizen Lab, more Apple device users around the world are better protected against malicious hackers… working for a company that sells exploits to government agencies. And whatever can be nominally exploited for good (the terrorists and criminals NSO continues to claim its customers target, despite an ever-growing mountain of evidence that says otherwise) can be exploited by governments and malicious hackers who don’t even have sketchy “national security” justifications to raise in the defense of their actions.

The arms race continues. It appears marketers of exploits will continue to do what they’ve always done: maintain over-the-air superiority for as long as possible. And while it may seem this is just part of the counterterrorism game, NSO Group’s tacit approval of the targeting of dissidents, journalists, and others who have angered local governments (but have never committed any terrorist or criminal acts) shows it’s not willing to stop profiting from the misery of people being hunted and harmed by repressive regimes.

Companies: apple, nso group

Comments on “Apple Patches Up Devices In Response To The Exposure Of Yet Another NSO Group Exploit”

5 Comments
Upstream (profile) says:

More hypocrisy

If the NSO Group were located in a different country, or perhaps were of a different religion, they would surely have been designated terrorists themselves by now. In any case, it still seems like the NSO Group might be more deserving of a drone strike than other recent recipients.

Not that anyone should hit them with a drone strike, just that they might be considered more deserving.

Anonymous Coward says:

Surprising?

the somewhat surprising and altogether disturbing news that NSO has developed yet another exploit that requires no target interaction at all to deploy. …
the exploit utilizes a tainted gif to crash Apple’s image rendering library

What’s surprising? Computer security is a shitshow, and we knew that. I suppose it’s "somewhat surprising" that neither Apple nor any "white hat" hackers had noticed a flaw in the GIF library till now. It’s a 30-year-old format that may well be using 30-year-old code, and is auto-displayed by various programs—kind of an obvious target (better also check BMP, MPEG1, and fonts, at least).

Anonymous Coward says:

Re: Re:

web browsers where at the very least you decided to load the site

That doesn’t mean much. Most sites, including Techdirt, will include a bunch of shit you never decided to load. This very page includes things from Google, Soundcloud, and "fontawesome". And then there are ads, where anyone with a few dollars can send (almost) whatever they want to the browsers of anyone foolish enough to browse without an adblocker. Browsers are often quite willing to interpret formats that many would regard as archaic.

nasch (profile) says:

Then/than

No sooner had longtime critic/investigator of NSO Group’s exploits and activities — Citizen Lab — reported the Bahrain government was using "zero click" exploits to intercept communications and take control of targeted devices then a patch has arrived.

"Than". "No sooner had… than…" Although this is a description of one thing happening and then another, if you rearrange it it becomes more clear: "X happened no sooner than Y".