Apple has warned journalists working for certain Russian news outlets that their iPhones may be compromised with surveillance software called Pegasus.
As first reported by cybersecurity watchdog AccessNow, an unknown group targeted Galina Timchenko, a journalist at the independent Russian media outlet Meduza, in June of 2023 using the Pegasus spyware.
The New York Times reports Apple ultimately sent notifications to iPhone users at several Russian media organizations, warning them that state actors may have compromised their phones with the spyware.
Pegasus is able to retrieve messages, media and contact information from infected phones without alerting the user. The New York Times says some governments, including those of Mexico and Saudi Arabia, have used the software to spy on journalists and other groups.
On its website, Apple says attacks like these — and the warnings it sends when it detects them — are aimed at specific individuals.
“These users are individually targeted because of who they are or what they do,” the company writes. “Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent.”
The risk from Pegasus also contributed to Apple’s decision to issue emergency security patches in early September.
The company said “processing a maliciously crafted image” was all it took to give Pegasus access to a device.
The software update is available for the iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
To upadte an iOS device, go to Settings > General > Software Update.