Skip to main content

Security Bite: A brief history of Apple’s legal fight with NSO

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


Earlier last week, we learned that Apple wants to revoke its three-year-long lawsuit against the prominent spyware maker NSO Group. The news came as a shock, especially since Apple was winning the case. In this week’s edition of Security Bite, let’s take a brief look at the legal battle that could have set significant precedents in digital privacy and why Apple suddenly wants to withdraw completely.

About Security Bite: Security Bite is the security-focused column on 9to5Mac. Every week, Arin Waichulis sheds light on the latest in data privacy, vulnerabilities, or emerging threats within Apple’s vast ecosystem of over 2 billion active devices.

In 2021, Apple made a rare announcement via its newsroom declaring its lawsuit against the Israeli-based company. The aim was to hold the NSO Group accountable for the misuse of its Pegasus spyware.

The highly evasive form of malware, which was sold to several authoritarian governments to spy on its citizens, allowed undetectable access to an iPhone or Android’s microphone, camera, and other sensitive data on the device, which created a dangerous situation for activists, government officials, journalists, and dissidents. Not to mention people’s perception of Apple as a brand, especially during the height of its “Privacy. That’s iPhone.” campaign.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

Early versions of Pegasus required users to click on a link sent via iMessage; however, its attack chain quickly advanced. Within the same year, researchers at Google’s Project Zero team discovered a newer chain of attacks that implemented a zero-click exploit in iMessage. This now meant a user would no longer have to click or interact with the attack to be infected.

Apple alleged that the NSO’s actions violated the Computer Fraud and Abuse Act and sought monetary damages and a court order to keep the NSO software off the iPhone.

NSO’s defense? The group claimed its software was built for government agencies only for law enforcement, such as fighting crime and terrorism. It affirmed its defense earlier this year based on sovereign immunity, asserting that it should be protected from legal accountability because its clients are foreign governments.

Apple’s withdrawal

In a surprising court filing on Friday, Apple abruptly decided to drop its lawsuit against the NSO Group, saying that continuing would pose “too significant a risk.” As reported by the Washington Post‘s Joseph Menn, Apple alluded to a scenario where having to fork over documents to NSO lawyers on how it detected the exploits could put Apple’s vulnerability and threat detection secrets at risk of falling into the wrong hands. NSO lawyers would overnight become high-value targets to hackers. And if there’s one thing Apple hates, it’s lawyers…well, at least under Jobs.

“Because Apple currently uses its threat intelligence information to protect every one of its users in the world, any disclosure, even under the most stringent controls, puts this information at risk,” the company wrote in the filing.

So, it now appears that Apple is leaning more toward its beefed-up ability to track the once formidable NSO Group and other spyware vendors and notify users who may be at risk. We’ve already seen instances of this. In April, Apple sent alerts to possible victims in 92 countries describing how an emerging mercenary attack could remotely compromise their devices. The goal is now defensive: mitigate compromise as much as possible while engineers work on a fix.

Related: Apple wants to revoke its three-year-old lawsuit against spyware group

Follow Arin: Twitter/X, LinkedIn, Threads

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications