April 11, 2024 at 02:57AM
Apple updates its spyware threat notification system to alert users of possible individual targeting. The move responds to global and ongoing mercenary spyware attacks, particularly on journalists and activists. The company also sent threat notifications to iPhone users in 92 countries. International efforts are underway to counter the misuse of commercial spyware. Commercial surveillance vendors were involved in exploiting 97 zero-day vulnerabilities in 2023.
Key Takeaways from the Meeting Notes:
1. Apple revises spyware threat notification system to alert users of individual targeting, specifically calling out companies like NSO Group for developing commercial surveillance tools.
2. Threat notifications sent to iPhone users in 92 countries at 12:00 p.m. PST on Wednesday, coinciding with the revision to the support page.
3. Apple has been sending threat notifications to warn users targeted by state-sponsored attackers since November 2021, without attributing the attacks to any particular actor or region.
4. Efforts by governments around the world to counter misuse and proliferation of commercial spyware, with several countries working to develop safeguards against invasive surveillance technology.
5. Google’s Threat Analysis Group (TAG) and Mandiant reported that commercial surveillance vendors were behind the exploitation of a significant number of zero-day vulnerabilities discovered in 2023, particularly targeting web browsers and mobile devices running Android and iOS.
6. Google emphasized the increased exploitation driven by private sector firms and a notable increase in zero-day vulnerability leveraging by threat actors.
7. Increased security investments by companies are affecting the types of vulnerabilities threat actors can exploit, necessitating bypassing security guardrails to infiltrate target devices.
Let me know if you need further details or clarifications on any of these points!