New zero-click iPhone exploit used to deploy NSO spyware
2021-08-24 13:23

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists.

The spyware was deployed after their devices were compromised using two zero-click iMessage exploits: the 2020 KISMET exploit and a new, never-before-seen exploit dubbed FORCEDENTRY.

New iPhone zero-click exploit in use since February 2021

While protecting against the iMessage exploits would only require disabling iMessage and FaceTime, NSO Group has also used exploits targeting other messaging apps, including WhatsApp.

Two years ago, Facebook sued Israeli cyber-surveillance firm NSO Group for creating and selling a WhatsApp zero-day exploit used to infect the devices of high-profile targets such as government officials, diplomats, and journalists with spyware.

Last but not least, human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a separate July report that NSO Group-made spyware was deployed on iPhones running Apple's latest iOS release using zero-click iMessage exploits targeting multiple iOS zero-days.

"The mechanics of the zero-click exploit for iOS 14.x appear to be substantially different than the KISMET exploit for iOS 13.5.1 and iOS 13.7, suggesting that it is in fact a different zero-click iMessage exploit," Citizen Lab said at the time.


News URL

https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/