Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability data and difficulties in acquiring essential information from the spyware vendor.
In a court filing Friday, Apple said continuing the lawsuit now poses “too significant a risk” of exposing the anti-exploitation and threat intelligence efforts needed to fend off the very adversaries involved in the legal dispute.
“When it filed this lawsuit nearly three years ago, Apple recognized that it would involve sharing information with third parties. However, developments since then have reshaped the risk landscape associated with sharing such information,” the Cupertino device maker said.
“Apple knows and appreciates that this Court would take the utmost care with the sensitive information relevant to this case. But it is also aware that — now more than ever — predatory spyware companies, including those not before this Court, will use any means to obtain this information,” the company added.
“Any disclosure, even under the most stringent controls, puts this information at risk. Due to the developments since this suit was filed, proceeding forward at this time would now present too significant a risk to Apple’s threat-intelligence program.”
The case, originally filed in 2021 in the U.S. District Court for the Northern District of California, sought to to hold NSO Group accountable for hacking into Apple’s iOS platforms with so-called zero-click exploits to spy on researchers, journalists, activists, dissidents, academics, and government officials.
Apple and WhatApp maker Meta have accused NSO Group of creating “sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to surveil its victims” and moved to the US courts to ban the company from using its software, services or devices.
On Friday, Apple also cited concerns that NSO Group and unidentified officials in Israel may have taken actions to avoid producing information during discovery. “This means that going forward with this case will potentially involve disclosure to third parties of the information Apple uses to defeat spyware while Defendants and others create significant obstacles to obtaining an effective remedy,” the company said.
Apple also pointed to shifting dynamics in the commercial spyware industry and cautioned that even a legal victory might have limited impact on the broader surveillance software landscape.
“Defendants have been partly supplanted by numerous other spyware companies, dispersing threats that were once concentrated in a single powerful actor; consequently, even a complete victory in this suit would not have the same impact as in 2021, as other unaffiliated spyware companies would remain unaffected and could continue their destructive tactics,” the company added.
Meta-owned WhatsApp has also sued NSO Group, accusing the controversial company of using its messaging service to conduct cyberespionage on journalists, human rights activists and others.
Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days
Related: New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox
Related: Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks
Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits