Security News > 2022 > April > Newly found zero-click iPhone exploit used in NSO spyware attacks
Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists.
"Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.
The academic research lab has reported and provided Apple with the forensic artifacts needed to investigate the exploit and says there is no evidence that Apple customers using the latest versions of iOS are exposed to HOMAGE attacks.
As Reuters reported, NSO spyware was also used in attacks targeting senior European Commission officials last year, including the European Justice Commissioner.
Finland's Ministry for Foreign Affairs said in January that devices of Finnish diplomats had been infected with NSO Group's Pegasus spyware after US Department of State employees also found that their iPhones had been hacked to install the same spyware.
Pegasus, a spyware tool developed by Israeli surveillance firm NSO Group, is marketed as surveillance software licensed to governments worldwide for "Investigating crime and terror."
News URL
Related news
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (source)