Apple sues NSO Group because its Pegasus spyware was used to target iPhone users

Apple is taking Israel’s NSO Group to court because its Pegasus spyware was used extensively for surveillance and targeting of high-profile iPhone users.

A still image taken from Apple's September 2021 “California Streaming” event video which shows CEO Tim Cook standing on stage and talking enthusiastically while gesturing with his hands

HIGHLIGHTS

  • Apple is suing NSO Group because it provided software to spy on Apple users
  • Apple also set aside $10 million to support cyber-surveillance researchers
  • These attacks are aimed at high-profile targets and impact iOS and Android platforms

Why is Apple taking NSO Group to court?

Apple turned privacy into its competitive advantage, so the definitive confirmation that the infamous Pegasus spyware, created by Israel’s NSO Group, was used to target and surveil high-profile Apple users must have come as a particular shock to its leadership.

Announcing the move via a press release published on the Apple Newsroom website, the iPhone maker defines NSO Group as a software company that creates “sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to surveil its victims.”

From the announcement:

Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services or devices.

Apple’s software chief Craig Federighi says something needs to be done about companies like NSO Group spending significant resources on sophisticated surveillance technologies without effective accountability.

Apple devices are the most secure consumer hardware on the market—but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.

The lawsuit seeks to ban NSO Group from “further harming individuals” by using Apple’s products, and redress for NSO’s violations of US federal and state law.

How Pegasus spyware works

The software takes advantage of so-called zero-day exploits.

A zero-day exploit takes advantage of a vulnerability in computer software for which there’s no patch because the flaw is unknown at the time to those who should be interested in its mitigation. Apple has a bounty program that rewards hackers for identifying critical bugs, but oftentimes zero-day exploits end up in the wrong hands. Parties like the FBI and CIA pay millions of dollars for the license to use surveillance software such as NSO Group’s.

Whenever Apple patches known zero-day exploits, the move affects companies like NSO Group which must find other vectors of attack or wait until new zero-day exploits are discovered. Pegasus was used extensively to spy on a group of journalists, activists, dissidents, academics and government officials.

iPhones of those high-profile targets were broken into thanks to a particularly nasty vulnerability in the iMessage media parsing engine (which Apple has fixed with iOS 14.8). The vulnerability made it possible for a bad actor to send a victim a maliciously crafted iMessage that doesn’t light up the screen, produce a sound or put up a banner.

It also doesn’t appear in the Messages list, so the victim is completely unaware that something’s going on. The message causes a memory leak in Messages that allows the spyware to be installed. Now the remote operator has the power to download just about anything stored on your phone, including your photos, messages, call list and so on.

Apple has acknowledged that iOS 15 packs new security protections, including “significant upgrades” to the BlastDoor security mechanism that was designed to shield Messages from such attacks. “While NSO Group spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions,” the company notes.

Pegasus also targets cloud data on infected phones, making it that much more dangerous.