Apple says the iMessage flaw NSO's Pegasus uses is 'not a threat' to most

Ios 14 Messages Groups Inline Replies Mentions (Image credit: Christine Romero-Chan / iMore)

What you need to know

  • Apple says that a flaw in iOS that is exploited by NSO Group's Pegasus system is "not a threat" to most people.
  • The company says it's working to add new protections "constantly."

Following the news earlier today that journalists and other high-profile people are being targeted by the Pegasus spyware, Apple has released a statement on the matter. Pegasus was reportedly able to exploit a flaw in iMessage, even on devices running iOS 14.6.

In a statement provided to the Washington Post, Apple Security Engineering and Architecture head Ivan Krstić suggested that there's no fix for the issue, but that Pegasus and similar spyware are "not a threat" to most people.

The full release reads:

Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.

While that will surely be comforting to most people, it does suggest that Apple doesn't yet have a fix for the issue that was reported earlier today. That might also suggest that the upcoming iOS 15 will be susceptible to such a spyware attack. That's very bad news for the thousands of people who are on the hit list collected by NSO customers.

The analysis Amnesty International conducted of several devices reveals traces of attacks similar to those we observed in 2019. These attacks have been observed as recently as July 2021. Amnesty International believes Pegasus is currently being delivered through zero-click exploits which remain functional through the latest available version of iOS at the time of writing (July 2021).

Apple released iOS 14.7 to the public today and I have to assume that doesn't have a fix for Pegasus, either. Apple would presumably have mentioned that in its note to the Washington Post if it did.

Oliver Haslam
Contributor
