Apple is taking Israel’s NSO Group to court because its Pegasus spyware was used extensively for surveillance and targeting of high-profile iPhone users.
HIGHLIGHTS
Why is Apple taking NSO Group to court?
Apple turned privacy into its competitive advantage so the definitive confirmation that the infamous Pegasus spyware, created by Israel’s NSO Group, was used to target and surveil high-profile Apple users must have been a particular shock to its leadership.
From the announcement:
Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services or devices.
Apple’s software chief Craig Federighi says something needs to be done about companies like NSO Group spending significant resources on sophisticated surveillance technologies without effective accountability.
The lawsuit seeks to ban NSO Group from “further harming individuals” by using Apple’s products, and redress for NSO’s violations of US federal and state law.
How Pegasus spyware works
The software takes advantage of so-called zero-day exploits.
A zero-day exploit is a vulnerability in computer software for which there’s no patch because it’s unknown at the time to those who should be interested in its mitigation. Apple has a bounty program that awards hackers with identifying critical bugs, but often times zero-day exploits end up in the wrong hands. Parties like the FBI and CIA pay millions of dollars for the license to use surveillance software such as NSO Group.
Whenever Apple patches known zero-day exploits, the move affects companies like NSO Group which must find other vectors of attack or wait until new zero-day exploits are discovered. Pegasus was used extensively to spy on a group of journalists, activists, dissidents, academics and government officials.
(1)@AmnestyTechsaw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at@citizenlabalso saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.
— Bill Marczak (@billmarczak)July 30, 2025
iPhones of those high-profile targets were broken into thanks to a particularly nasty vulnerability in the iMessage media parsing engine (which Apple has fixedwith iOS 14.8). The vulnerability made it possible for a bad actor to send a victim a maliciously crafted iMessage that doesn’t light up the screen, produce a sound or put up a banner.
It also doesn’t appear in the Messages list so the victim is completely unaware that something’s going on. The message causes a memory leak in Messages that allows the spyware to be installed. Now the remote operator has the power to download just about anything stored on your phone, including your photos, messages, call list and so on.
Apple has acknowledged that iOS 15 packs new security protections, including “significant upgrades” to the BlastDoor security mechanism that was designed to shield Messages from such attacks. “While NSO Group spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions,” the company notes.
Pegasus alsotargets cloud data on infected phones, making it that more dangerous.
