Months after patching the iOS vulnerability that led to the infamous Pegasus spyware, Apple announced Tuesday that it is suing NSO Group, the organization reportedly behind the spyware, In addition to the suit, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.
The Pegasus spyware came to light after a Washington Post report uncovered a global spyware operation targeting iPhones and Android phones. The investigations, which were conducted in conjunction with nonprofit groups Citizen Lab, Forbidden Stories, Amnesty International, and other human rights groups, found that military grade spyware was used to hack dozens of phones belonging to “journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi.”
Though it was extremely unlikely that the spyware had infected more iPhones that the small number that were targeted, Apple patched the vulnerability in iOS 14.7.1. Apple is now seeking unspecified compensation for NSO Group’s “flagrant violations of US federal and state law.” Apple claims that NSO Group creates “sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to surveil its victims.”
Apple also announced that it will be donating $10 million as well as any damages received from the lawsuit to organizations specializing in “cybersurveillance research and advocacy.” It will also support Citizen Lab with “pro-bono technical, threat intelligence, and engineering assistance to aid their independent research mission, and where appropriate, will offer the same assistance to other organizations doing critical work in this space.”