Apple announced yesterday that it has filed a lawsuit against the NSO Group, which is responsible for the Pegasus spyware that has been used in state-sponsored surveillance campaigns in a number of countries. As a reminder, the NSO Group seeks to exploit vulnerabilities in iOS and other platforms to infiltrate the devices of users such as journalists, activists, dissidents, academics and government officials.
In the course of the announcement Apple said the company is notifying the "small number of users" who were targeted via the exploit. The so-called FORCEDENTRY vulnerability allowed Pegasus to be installed undetected. It has since been closed. Apple went on to say that the company will continue to notify users it believes have been affected by state-sponsored espionage attacks. In line with this, Apple has published a new support document in which the company describes how it will notify these users. The notifications will be sent via email and iMessage to the addresses and phone numbers associated with users' Apple IDs. They will include additional steps users can take to protect their devices. In addition, a prominent banner reading "Threat Notification" will be displayed at the top of the page when the affected user logs into their account on the Apple ID web portal.
Protect yourself from espionage: These are the tips from Apple
The email and iMessage notifications never prompt users to click links or install apps, so users who receive such notifications should always log into their Apple ID accounts on the web to check if their accounts have been alerted and to learn what to do next. At the same time, Apple acknowledges that the notifications may contain false positives and that some attacks may go undetected as the tactics of state-sponsored attackers are constantly evolving.
Apple's methods for detecting threats will also evolve, so the company will not share information about its methods to prevent attackers from evading detection. Regardless of whether you receive an alert from Apple or not, the company advises all users to take the following steps to protect their devices:
- Update your devices to the latest software as it contains the latest security fixes.
- Protect your devices with a passcode.
- Use two-factor authentication and a strong password for your Apple ID.
- Install apps from the App Store.
- Use strong and unique passwords on the Internet.
- Do not click on links or attachments from unknown senders.
If you want to see the entire support document, you can find it here. (Photo by Skorzewiak / Bigstockphoto)
