A New iPhone Zero-Click iMessage Zero-Day Used to Deploy Pegasus Spyware

The security researchers of the Citizen Lab Research Center at the University of Toronto have recently discussed reading a vulnerability in iOS that can be easily exploited in just one click.

However, the report pronounced that this vulnerability was unknown earlier, but the experts came to know about it as this vulnerability was exploiting different attacks since February 2021.

According to the reports, this vulnerability has been exploited in attacks against various activists and protesters in Bahrain. And now the security analysts have detected a new exploit to the Israeli commercial spyware maker NSO Group.

New iPhone Zero-Click Exploit Popped Up in February 2021

The new iPhone Zero-click exploits were detected in February 2021, the NSO Group initiated the attacks using the new iMessage zero-click. 

While the Citizen Lab affirmed that while investigating the exploit they noted the FORCEDENTRY exploit strongly deployed against iOS variants 14.4 and 14.6 as a zero-day.

After the specific investigation, the analyst asserted that disabling iMessage will commence to other issues, such as sending unencrypted messages that a resourceful cybercriminal can easily guess.

NSO Group’s Pegasus used in high-profile attacks

This attack has a long string, and the vulnerability is a part of this huge attack. During the investigation, experts noticed that the NSO Group’s Pegasus spyware was utilized to spy on reporters and human rights defenders (HRDs) worldwide.

But, Pegasus is a spyware tool that was specifically produced by Israeli surveillance firm NSO Group. This tool was marketed as surveillance software “licensed to legal government companies for the single purpose of reviewing the crime and terror.”

It’s not the first time that the security authorities have detected the Pegasus tool, as per the report the Citizen Lab has discovered some Pegasus licensees in 2018, which were being used for cross-border surveillance in different countries along with state security services.

Guarding Against Zero-Click Attacks Involves Tradeoffs

This specific attack might be prevented by disabling iMessage and FaceTime. Apart from these two messaging apps, the NSO Group has successfully exploited many other apps that also include WhatsApp.

Disabling iMessage and FaceTime would not help to stop this attack, and it will not provide complete protection to the victim. Apart from this disabling iMessage is a long method that means the messages transferred via Apple’s built-in Messages app would be sent unencrypted and it makes a way for the threat actors to intercept.

However, the researchers are not clear about the whole concept of the threat actor that they are implementing. But the recent discoveries imply that the NSO Group’s customers are able to remotely compromise all current iPhone models and versions of iOS.

Moreover, there are many programs that the NSO Group is dealing with, that’s why the analysts have suggested all the customers stay alert regarding this kind of attack.

Follow us on LinkedinTwitterFacebook for daily Cybersecurity News & Updates

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

2 days ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

4 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

4 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago