Apple on Tuesday filed a lawsuit against mercenary spyware company NSO Group and its parent company, seeking a permanent injunction that bans NSO Group from using any Apple software, services or devices. The complaint also provides new information on how NSO Group infected victims’ Apple devices with its Pegasus spyware.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” Craig Federighi, Apple SVP of Software Engineering, said in a statement. “While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”
Apple’s complaint says NSO Group delivered its FORCEDENTRY exploit to Apple devices by creating Apple IDs that sent malicious data to a victim’s device. This enabled the installation of Pegasus spyware without a victim’s knowledge.
Researchers with Citizen Lab discovered the zero-day, zero-click exploit in September, and Apple released an urgent security update for Mac, iPhone, iPad and Watch users to patch the vulnerability.
Apple says in its complaint that Apple servers were misused to deliver FORCEDENTRY but were not