New Flaw in Apple Devices Led to Spyware Infection, Researchers Say

Apple iPhone 14 phones sit on display at an Apple Store at The Grove in Los Angeles, Sept. 16, 2022. (AP)

Researchers at digital watchdog group Citizen Lab said on Thursday they found spyware they linked to Israeli firm NSO that exploited a newly discovered flaw in Apple devices.

While inspecting the Apple device of an employee of a Washington-based civil society group last week, Citizen Lab found the flaw had been used to infect the device with NSO's Pegasus spyware, it said in a statement.

"We attribute the exploit to NSO Group's Pegasus spyware with high confidence, based on forensics we have from the target device," said Bill Marczak, senior researcher at Citizen Lab, which is based at the University of Toronto's Munk School of Global Affairs and Public Policy.

He said the attacker likely made a mistake during the installation, which is how Citizen Lab found the spyware.

Citizen Lab said Apple confirmed to them that using the high-security feature "Lockdown Mode" available on Apple devices blocks this particular attack.

"This shows that civil society is once again serving as the early warning system about really sophisticated attacks," said John Scott-Railton, senior researcher at Citizen Lab.

Citizen Lab did not provide further details on the affected individual or the organization.

The flaw allowed compromise of iPhones running the latest version of iOS (16.6) without any interaction from the victim, the digital watchdog said. The new update fixes this vulnerability.

Apple issued new updates on its devices after investigating the flaws reported by Citizen Lab. An Apple spokesperson said it had no further comment, while Citizen Lab urged consumers to update their devices.

NSO said in a statement, "We are unable to respond to any allegations that do not include any supporting research."

The Israeli firm has been blacklisted by the US government since 2021 for alleged abuses, including surveillance of government officials and journalists.



Amazon Must Comply with US Agency's Pregnancy Bias Probe, Judge Rules

FILE PHOTO: The logo of Amazon is seen at the company logistics center in Boves, France, May 13, 2019. REUTERS/Pascal Rossignol/File Photo

A New York federal judge has ordered Amazon.com to comply with a subpoena from a US civil rights agency investigating claims that the online retailer discriminated against pregnant warehouse workers.

US District Judge Lorna Schofield in Manhattan late Thursday rejected Amazon's claims that the Equal Employment Opportunity Commission (EEOC) subpoena was too broad and sought irrelevant information.

The EEOC is seeking data on requests that pregnant workers at five US warehouses made for accommodations such as limits on heavy lifting and additional breaks, and whether Amazon granted or denied them, Reuters reported.

The commission's probe was prompted by complaints from five women who say they faced pregnancy discrimination while working at Amazon warehouses in New Jersey, Connecticut, North Carolina, and California.

Amazon provided the EEOC with more than 200,000 pages of data in response to the subpoena, but not the specific information requested by the agency, according to court filings.

Schofield in her ruling said the information sought in the subpoenas was necessary for the EEOC to determine whether Amazon engaged in illegal discrimination. The judge gave Amazon until Aug. 9 to comply with the subpoena.

Amazon did not immediately respond to a request for comment on Friday. An EEOC spokesman declined to comment.

In 2022, a New York state agency filed an administrative complaint accusing Amazon of requiring pregnant and disabled warehouse workers to take unpaid leaves of absence, even if they were capable of working, instead of providing accommodations. That case is pending.

Amazon has denied wrongdoing and said it strives to support its workers, but acknowledged in a statement responding to the New York complaint that "we don't always get it right."

The EEOC launched its probe last year and issued a subpoena seeking five categories of information, including data on accommodations Amazon provided to warehouse workers with disabilities. At the time, federal law only required companies to provide the same accommodations to pregnant workers that they gave to employees with disabilities.

A law passed later last year mandates that employers accommodate workers' pregnancies regardless of how they treat workers with disabilities.