A new zero-clik zeroday vulnerability has been discovered that Pegasus spyware uses to infect iPhone devices.
Developed by Israel-based NSO Group, the Pegasus pest manages to make a name for itself with brand new scandals every day.
Recently, iPhones of 9 Bahraini activists, members of the Bahrain Center for Human Rights, were hacked by the Pegasus spyware operator, who is believed to be affiliated with the Bahraini government. According to the report published by cyber security company Citizen Lab, the activists’ device was accessed using two zero-day (zero-click) vulnerabilities.
The new zero-click vulnerabilities on iMessage also have the ability to bypass the BlastDoor feature that iOS uses to provide security against such vulnerabilities. It is thought to have been first detected in 2021. According to Citizen LAB, zeroday called Forcedentry works successfully on iOS 14.4 and 14.6 versions.
If you want to protect yourself from the vulnerabilities on iMessage, it is sufficient to turn off and disable iMessage and FaceTime. The problem is that if you disable this too, you send your messages in plain text, that is, unencrypted. That’s a bigger problem, especially if you’re dealing with a regime-backed cyber group.
Of course, only iMessage vulnerabilities were not relied on for Pegasus to be used in targets. There are also vulnerabilities in other applications such as WhatsApp by NSO Group, among those that are said to be developed for Pegasus.
Until Apple releases updates to the latest security vulnerabilities, the best thing anyone can do to stay protected is to disable and uninstall any potential apps that Israel-based NSO Group may have been hunting for vulnerabilities.