
The amount of time that Apple sat on this is telling.

First reports on NSO activity are from 2016, Facebook filed in 2019, Apple iOS 14.8 fix released in Sept 2021.

Only when the constant negative news about NSO started chipping at their reputation, did they decide to make this symbolic (and ultimately ineffective) move.



Read the New York Times article. It says that Apple was only able to file this suit because of a court ruling in a similar suit by Facebook and because it was given code that showed it how Pegasus works.

There is nothing at all "telling" about Apple's timing.


I think it also didn't hurt for the US Dept. of Commerce to add NSO Group to the Entity List for Malicious Cyber Activities just 2 weeks ago. It certainly doesn't hurt your case for the US Gov't to officially list them.

> NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.

https://www.commerce.gov/news/press-releases/2021/11/commerc...


I am all for Hanlon's razor.

But it reads to me as: Apple's legal team has to act because the Facebook suit (and the info made public) makes it impossible to say that "Apple was not aware" of such and such details.

To me it is much easier to believe the above, compared to your "Apple is only now seeing this info, and only now is aware, and only now can act".


Look, if you don't know how legal standing works, that's one thing. But to reject the explanation provided to you and to cite your own ignorance as a legitimate source of disbelief while you poo-poo away a dispositive fact isn't reasoning.


Apple has known since at least 2016 of NSO activities on their devices and servers, while selling this image of privacy competence.

This long period of inaction, from 2016 to now, is unacceptable.


It's as if you don't get the point about legal standing. Apple can only take action now because of a court deciding that Facebook's TOS forum clause is actually binding. If they filed the case prior to such a holding, it'd have been dismissed.


Sounds to me like GP really WANTS this to be “telling”, when in reality it obviously isn’t.


>If they filed the case prior to such a holding, it'd have been dismissed.

...Or when Facebook eventually followed up, you'd be making the excuse Facebook was justified in waiting for Apple to test the waters? Somebody has to move first.


What if Facebook never filed? Would Apple never be able to act on this?

If they would have acted, why didn't they do it before Facebook?


"What if Facebook never filed? Would Apple never be able to act on this?"

If there wasn't precedent that Apple's TOS venue clause was binding, then the case would have been thrown out as I just previously explained.

"If they would have acted, why didn't they do it before Facebook?"

Because the case would have been dismissed as I just explained.


Before Facebook filed, was there precedent for their TOS?


No, but Apple probably didn't want to spend 4 years litigating the TOS issue prior to ever reaching the merits. There's also the risk that they lose the TOS issue.


Yeah what if? What if I have lived in wonderland?


Indeed, a wonderland where it is OK for a 2 trillion dollar company to take 5 years to fix vulnerabilities that put in danger many of its users worldwide.


That assumes, wrongly, that Apple only patched the vulnerabilities used by NSO since 2016 in iOS 14.8.

In reality, Apple has been reacting to and fixing new exploits all the time, with NSO Group (and others) successfully finding new ones to replace those that got patched.

For instance, the main class of NSO-related attacks has been via the Messages app and related frameworks, which were relatively poorly designed in terms of their original security architecture. Apple has since 2016 substantially hardened those subsystems, including with a new 'BlastDoor' isolation layer specifically for Messages in iOS 14. That closed off entire classes of exploits, but is clearly not perfect.


Except that it's curiously well timed for this news to drop at the beginning of holiday shopping, like an advertisement, or possibly, this is pure marketing. NSO and Apple are partners. Apple leaves holes, NSO exploits said holes.


Conspiratorial nonsense.


Unless you understand how tech, business, governments and security services work, then not so much.


That's a pretty massive thing to imply without any followup. As someone who understands how tech, business, governments and security services work, care to enlighten the rest of us?



