Security News > 2022 > April > Newly found zero-click iPhone exploit used in NSO spyware attacks

Newly found zero-click iPhone exploit used in NSO spyware attacks
2022-04-18 18:42

Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists.

"Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.

The academic research lab has reported and provided Apple with the forensic artifacts needed to investigate the exploit and says there is no evidence that Apple customers using the latest versions of iOS are exposed to HOMAGE attacks.

As Reuters reported, NSO spyware was also used in attacks targeting senior European Commission officials last year, including the European Justice Commissioner.

Finland's Ministry for Foreign Affairs said in January that devices of Finnish diplomats had been infected with NSO Group's Pegasus spyware after US Department of State employees also found that their iPhones had been hacked to install the same spyware.

Pegasus, a spyware tool developed by Israeli surveillance firm NSO Group, is marketed as surveillance software licensed to governments worldwide for "Investigating crime and terror."


News URL

https://www.bleepingcomputer.com/news/security/newly-found-zero-click-iphone-exploit-used-in-nso-spyware-attacks/