Apple issues urgent security updates to fix major flaw in iOS and macOS

Researchers at the University of Toronto discovered a serious vulnerability that gave Israel's NSO Group access to Apple users' devices.

Apple is pushing out a software update after researchers discovered a major vulnerability on the phone of a Saudi activist that allowed Israel's NSO Group to access Apple users' devices, even if those users didn't click on anything. The vulnerability, which was first discovered by researchers at the University of Toronto's Citizen Lab and which Apple confirmed to The New York Times, affects Apple iOS, macOS and watchOS.

In their report, the Citizen Lab researchers named the NSO Group exploit ForcedEntry. "We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware," the researchers wrote, noting that they alerted Apple to the vulnerability. "We believe that ForcedEntry has been in use since at least February 2021."

According to the researchers, the vulnerability in Apple's software allowed the NSO Group to infect Apple devices with spyware known as Pegasus. "This spyware can do everything an iPhone user can do on their device and more," John Scott-Railton, one of the Citizen Lab researchers, told the Times.

In a statement to Protocol, Apple's head of security engineering and architecture, Ivan Krstić, said the company had "rapidly developed and deployed a fix in iOS 14.8 to protect our users" and commended Citizen Lab for "obtaining a sample of this exploit."

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Krstić said. "While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data."

This story has been updated with comment from Apple.
