Apple takes big steps towards cracking down on NSO's Pegasus spyware
NSO Group's Pegasus is the infamous spyware that has been accused of infecting people's smartphones and leaking personal information. Apple has now announced that it is holding NSO Group "accountable" for the surveillance and targeting of Apple users. The company has filed a lawsuit that provides "information on how NSO Group infected victims’ devices" and is also seeking a "permanent injunction" to ban NSO from using any Apple software, services, or devices.
Apple has accused the NSO Group of creating a "sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to surveil its victims." Craig Federighi, senior vice president of Software Engineering at Apple, said that these groups get away with this "without effective accountability" and "that needs to change."
Apple then explains how the NSO Group's Pegasus spyware made use of the FORCEDENTRY exploit to gain access to the personal information of thousands of people. The company says that it patched the exploit in iOS 14.8, but it is "sending a clear message" that "it is unacceptable to weaponize powerful state-sponsored spyware" with its lawsuit.
The company says that users who were victims of the FORCEDENTRY exploit will be notified by Apple, and that it will also notify affected users of such attacks in the future. In addition, the company has announced that it will be contributing "$10 million, as well as any damages from the lawsuit, to organizations pursuing cyber-surveillance research and advocacy."
How Apple will notify affected users
In addition to filing a lawsuit, Apple also announced that it will start notifying the "small number of users" who were victims of the FORCEDENTRY exploit. The company reiterates, in a blog post, that the exploit has been patched and that it will start notifying users who it believes have been victims of the attack.
Apple says it will notify affected users via email and iMessage, using the addresses and phone numbers associated with their Apple IDs. The company says that it will lay out the steps that users can take to protect their accounts even further. Moreover, a "Threat Notification" banner will also be displayed on the users' Apple ID webpage that will notify the user about their account being compromised.
Apple says that the notifications it sends "may be false alarms," and that it won't be able to "provide information about what causes [it] to issue threat notifications" as it may help cybercriminals "to evade detection in the future."
Lastly, Apple also highlights the "best practices" that protect users from cybercriminals and consumer malware:
- Update devices to the latest software, as that includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Don't click on links or attachments from unknown senders