Thursday, March 28, 2024

A New iPhone Zero-Click iMessage Zero-Day Used to Deploy Pegasus Spyware

The security researchers of the Citizen Lab Research Center at the University of Toronto have recently discussed reading a vulnerability in iOS that can be easily exploited in just one click.

However, the report pronounced that this vulnerability was unknown earlier, but the experts came to know about it as this vulnerability was exploiting different attacks since February 2021.

According to the reports, this vulnerability has been exploited in attacks against various activists and protesters in Bahrain. And now the security analysts have detected a new exploit to the Israeli commercial spyware maker NSO Group.

New iPhone Zero-Click Exploit Popped Up in February 2021 

The new iPhone Zero-click exploits were detected in February 2021, the NSO Group initiated the attacks using the new iMessage zero-click. 

While the Citizen Lab affirmed that while investigating the exploit they noted the FORCEDENTRY exploit strongly deployed against iOS variants 14.4 and 14.6 as a zero-day.

After the specific investigation, the analyst asserted that disabling iMessage will commence to other issues, such as sending unencrypted messages that a resourceful cybercriminal can easily guess.

NSO Group’s Pegasus used in high-profile attacks

This attack has a long string, and the vulnerability is a part of this huge attack. During the investigation, experts noticed that the NSO Group’s Pegasus spyware was utilized to spy on reporters and human rights defenders (HRDs) worldwide.

But, Pegasus is a spyware tool that was specifically produced by Israeli surveillance firm NSO Group. This tool was marketed as surveillance software “licensed to legal government companies for the single purpose of reviewing the crime and terror.”

It’s not the first time that the security authorities have detected the Pegasus tool, as per the report the Citizen Lab has discovered some Pegasus licensees in 2018, which were being used for cross-border surveillance in different countries along with state security services.

Guarding Against Zero-Click Attacks Involves Tradeoffs 

This specific attack might be prevented by disabling iMessage and FaceTime. Apart from these two messaging apps, the NSO Group has successfully exploited many other apps that also include WhatsApp.

Disabling iMessage and FaceTime would not help to stop this attack, and it will not provide complete protection to the victim. Apart from this disabling iMessage is a long method that means the messages transferred via Apple’s built-in Messages app would be sent unencrypted and it makes a way for the threat actors to intercept.

However, the researchers are not clear about the whole concept of the threat actor that they are implementing. But the recent discoveries imply that the NSO Group’s customers are able to remotely compromise all current iPhone models and versions of iOS.

Moreover, there are many programs that the NSO Group is dealing with, that’s why the analysts have suggested all the customers stay alert regarding this kind of attack.

Follow us on Linkedin, Twitter, Facebook for daily Cybersecurity News & Updates

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles