?Clickless? exploits from Israeli firm hacked activists? fully updated iPhones

Smartphones belonging to more than three dozen journalists, human rights activists, and business executives have been infected with powerful spyware that an Israeli firm sells, purportedly to catch terrorists and criminals, The Washington Post and other publications reported.The handsets were infected with Pegasus, full-featured spyware developed by NSO Group. Journalists on the list worked for leading news organizations, including CNN, the Associated Press, Voice of America, The New York Times, The Wall Street Journal, Bloomberg News, Le Monde in France, the Financial Times in London, and Al Jazeera in Qatar.“The targeting of the 37 smartphones would appear to conflict with the stated purpose of NSO’s licensing of the Pegasus spyware, which the company says is intended only for use in surveilling terrorists and major criminals,” Sunday’s Washington Post said. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.Researchers at the time determined that text messages sent to UAE dissident Ahmed Mansoor exploited what were three iPhone zero-day vulnerabilities to install Pegasus on his device. That same month, Facebook sued NSO, allegedly for attacks that used clickless exploits to compromise WhatsApp users' phones.Last December, Citizen Lab said a clickless attack developed by NSO exploited what had been a zero-day vulnerability in Apple’s iMessage to target 36 journalists.The exploits that NSO and similar firms sell are extremely complex, costly to develop, and even more expensive to purchase.