Security News > 2020 > December > Journalists' Phones Hacked via iMessage Zero-Day Exploit
A recently observed Pegasus spyware infection campaign targeting tens of Al Jazeera journalists leveraged an iMessage zero-click, zero-day exploit for infection.
Cybersecurity firms and human rights organizations have detailed multiple malicious attacks involving Pegasus, many of them targeting journalists and human rights activities.
In a newly published report, Canadian interdisciplinary laboratory Citizen Lab, which is based at the Munk School of Global Affairs & Public Policy at the University of Toronto, details a new series of attacks in which Pegasus infected "36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera."
The attacks, which were performed in July and August 2020, involved the use of a zero-click exploit in iMessage, a zero-day vulnerability in at least iOS 13.5.1, which allowed attackers to hack Apple's iPhone 11 devices.
Al Araby TV journalist Rania Dridi was also targeted with Pegasus spyware, at least six times, with two of the attacks likely involving zero-day exploits.
News URL
Related news
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- Malware exploits 5-year-old zero-day to infect end-of-life IP cameras (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing (source)