Apple patches exploit attributed to hacker-for-hire firm

Apple released an emergency software patch to fix a security vulnerability that researchers said could allow hackers to directly infect iPhones and other Apple devices without any user action.

The researchers at the University of Toronto's Citizen Lab said the flaw allowed spyware from the world's most infamous hacker-for-hire firm, NSO Group, to directly infect the iPhone of a Saudi activist. The flaw affected all Apple's operating systems, the researchers said. It was the first time a so-called "zero-click" exploit had been caught and analyzed, said the researchers, who found the malicious code on Sept. 7 and immediately alerted Apple. They said they had high confidence the Israeli company NSO Group was behind the attack, adding that the targeted activist asked to remain anonymous. "We're not necessarily attributing this attack to the Saudi government," said researcher Bill Marczak.