On September 17th, Apple released an update which would resolve a previously undiscovered weak point in the company’s security that was discovered earlier in September, according to NPR. Researchers at the University of Toronto’s Citizen Lab said that the breach had been used by the Israeli hacking firm NSO on a Saudi Arabian activist’ iPhone. According to NPR, the breach was what was called a zero-click exploit, which would allow hackers to access any of a user’s Apple products, including Macs, Macbooks, Apple Watches and iPhones, without the user clicking on a link or opening a file. According to NPR, this attack was the first time that such an exploit was detected and analyzed by researchers. 

NPR reported that experts say that the exploit would not have generally been used against ordinary people, but against specific, higher value targets including journalists and activists. NPR reports that these kinds of attacks have been used against journalists for Al-Jazeera for the past several years, but that experts have been unable to isolate the code used to execute the attacks. The way the exploit works, as reported by NPR, is that photos were sent to a target’s phone using the iMessage app and compromised by NSO’s spyware, Pegasus, after they were received by the target’s phone. This allowed the hacker to steal photos and eavesdrop on a target’s phone conversation remotely.

Similar exploits have been used by other governments across the globe and have been the subject of much criticism. According to NPR, human rights activists, journalists, and political dissidents have been the target of attacks by such malware. Several countries have been accused of taking advantage of the exploit, including Hungary, India, Saudi Arabia and a Moroccan security agency.  Hungary, Saudi Arabia and India have all been accused of using the service against political dissidents, activists, or journalists. Morocco, however, stands accused of using the exploit to spy on members of the government of its ally, France, in 2019; however, the government vehemently denies the charges and is taking the matter to court. In addition, according to NPR, someone attempted to use the exploit on approximately 1400 WhatsApp users in late 2019. 

Apple released an update to counter the vulnerability on September 17th. According to NPR, Security experts recommend getting the update as soon as possible despite the fact that its use on ordinary people is not commonplace. To install the update, enter the iPhone’s settings and go to the general settings. From there, tap on the Software Updates tab and install the update.