Don’t ignore the security update today

Apple on Monday released a series of emergency security updates following the discovery of a vulnerability that allowed Israeli company NSO Group to infect Apple products with spyware.

Major concern: The vulnerability, discovered by researchers at Citizen Lab, applied to Apple iOS, MacOS and WatchOS products, and was described by the researchers as a “zero-day zero-click exploit” targeted against iMessage.

Apple released security updates for each of the products on Monday after Citizen Lab disclosed the vulnerability to the company last week, with Apple noting in the update that it was “aware of a report that this issue may have been actively exploited.”

The New York Times first reported the discovery of the vulnerability on Monday.

Citizen Lab researchers discovered the vulnerability while examining the phone of a Saudi Arabian activist that had been known to be infected with an NSO Group spyware program. The vulnerability discovered by the researchers targeted the Apple image rendering library, enabling NSO Group to remotely infect and exploit the targeted devices.

“This spyware can do everything an iPhone user can do on their device and more,” John-Scott Railton, a senior researcher at Citizen Lab, told The New York Times Monday.

Familiar name: This is far from the first time that products from NSO Group, and the company itself, have come under fire for allegations of human rights and privacy abuses.