A New iPhone Zero-Click iMessage Zero-Day Used to Deploy Pegasus Spyware

The security researchers of the Citizen Lab Research Center at the University of Toronto have recently discussed reading a vulnerability in iOS that can be easily exploited in just one click.

However, the report pronounced that this vulnerability was unknown earlier, but the experts came to know about it as this vulnerability was exploiting different attacks since February 2021.

According to the reports, this vulnerability has been exploited in attacks against various activists and protesters in Bahrain. And now the security analysts have detected a new exploit to the Israeli commercial spyware maker NSO Group.

New iPhone Zero-Click Exploit Popped Up in February 2021

The new iPhone Zero-click exploits were detected in February 2021, the NSO Group initiated the attacks using the new iMessage zero-click. 

While the Citizen Lab affirmed that while investigating the exploit they noted the FORCEDENTRY exploit strongly deployed against iOS variants 14.4 and 14.6 as a zero-day.

After the specific investigation, the analyst asserted that disabling iMessage will commence to other issues, such as sending unencrypted messages that a resourceful cybercriminal can easily guess.

NSO Group’s Pegasus used in high-profile attacks

This attack has a long string, and the vulnerability is a part of this huge attack. During the investigation, experts noticed that the NSO Group’s Pegasus spyware was utilized to spy on reporters and human rights defenders (HRDs) worldwide.

But, Pegasus is a spyware tool that was specifically produced by Israeli surveillance firm NSO Group. This tool was marketed as surveillance software “licensed to legal government companies for the single purpose of reviewing the crime and terror.”

It’s not the first time that the security authorities have detected the Pegasus tool, as per the report the Citizen Lab has discovered some Pegasus licensees in 2018, which were being used for cross-border surveillance in different countries along with state security services.

Guarding Against Zero-Click Attacks Involves Tradeoffs

This specific attack might be prevented by disabling iMessage and FaceTime. Apart from these two messaging apps, the NSO Group has successfully exploited many other apps that also include WhatsApp.

Disabling iMessage and FaceTime would not help to stop this attack, and it will not provide complete protection to the victim. Apart from this disabling iMessage is a long method that means the messages transferred via Apple’s built-in Messages app would be sent unencrypted and it makes a way for the threat actors to intercept.

However, the researchers are not clear about the whole concept of the threat actor that they are implementing. But the recent discoveries imply that the NSO Group’s customers are able to remotely compromise all current iPhone models and versions of iOS.

Moreover, there are many programs that the NSO Group is dealing with, that’s why the analysts have suggested all the customers stay alert regarding this kind of attack.

Follow us on LinkedinTwitterFacebook for daily Cybersecurity News & Updates

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has…

2 hours ago

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a…

2 hours ago

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black Banshee,”…

3 hours ago

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear phishing…

3 hours ago

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update…

6 hours ago

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by…

7 hours ago