Security News > 2022 > April > Newly found zero-click iPhone exploit used in NSO spyware attacks
Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists.
"Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.
The academic research lab has reported and provided Apple with the forensic artifacts needed to investigate the exploit and says there is no evidence that Apple customers using the latest versions of iOS are exposed to HOMAGE attacks.
As Reuters reported, NSO spyware was also used in attacks targeting senior European Commission officials last year, including the European Justice Commissioner.
Finland's Ministry for Foreign Affairs said in January that devices of Finnish diplomats had been infected with NSO Group's Pegasus spyware after US Department of State employees also found that their iPhones had been hacked to install the same spyware.
Pegasus, a spyware tool developed by Israeli surveillance firm NSO Group, is marketed as surveillance software licensed to governments worldwide for "Investigating crime and terror."
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (source)
- U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case (source)
- US court finds spyware maker NSO liable for WhatsApp hacks (source)
- Spyware Maker NSO Group Found Liable for Hacking WhatsApp (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)