WASHINGTON — Spyware researchers at the University of Toronto's Citizen Lab discovered a major new exploit for a vulnerability that would allow invasive spyware to infect various consumer Apple products with no tip-off to the victim. The revelation caused Apple on Monday to issue an emergency software patch, just a day before the company plans to release a list of new products.
Apple released the patch to stop the exploit, which, as the Washington Post reported, was found in phone records for at least one Saudi political activist and was flagged to Apple by the Citizen Lab investigation.
“We're not necessarily attributing this attack to the Saudi government,” said researcher Bill Marczak.
Apple said in their release on the update that the company "doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available."
The flaw affected all of Apple's operating systems, the researchers said, according to the Associated Press.
The researchers found that the flaw allowed invasive spyware from the world’s most infamous hacker-for-hire firm, NSO Group, to infect the iPhone of a Saudi activist without any user interaction.
The method is known as a "zero-click" exploit and allows people to be hacked without their knowledge and without any clue that the hack has occurred. The hack allows governments or criminals to turn on a user's camera and microphone, and record activity on the device such as text messaging, emails and calls. Even encrypted messages on apps like Signal are vulnerable.
As the Associated Press reported, although Citizen Lab previously found evidence of zero-click exploits being used to hack into the phones of al-Jazeera journalists and other targets, “this is the first one where the exploit has been captured so we can find out how it works,” said Marczak.
On Tuesday, Apple is expected to announce the latest in a list of new iPhones, and then a huge software update for iOS 15 will be released soon, Forbes reported.
The Associated Press contributed to this report.