Apple has reacted quickly to a security breach that had opened the back door to Pegasus spy malware, the spy program developed by the Israeli company NSO Group. This vulnerability was discovered by the citizen participation platform Citizen Lab while they were reviewing the device of an employee of a civil society organization based in Washington DC.
According to the information provided by this organization, the breach allowed the software to enter iOS devices without the need for any interaction on the part of the victim. This is a zero-click attack, meaning the attacker only had to send a malicious image to the victim’s iMessage account to infect the iPhone. The exploitation chain used has been named ‘BlastPass’.
Apple responded quickly and on Thursday, September 7, released updates to fix these security gaps that affected iPhones, Apple Watch, iPads and Macs. The first vulnerability identified as CVE-2023-41064 affected the Image I/O framework. It allowed access to all the aforementioned devices at the time when “an image created for malicious purposes” was processed, as explained from Cupertino.
CVE-2023-41061 is the other breach detected. In this case, similar security issues were created when a “maliciously crafted attachment” was sent. In this case the failure was registered in Apple Wallet.
The updates released by the company now run by Tim Cook, iOS 16.6.1, which has also been extended to iPadOS 16.6.1, fixes the vulnerability and protects users from possible Pegasus attacks through this backdoor.
It is not the first time that Pegasus has been used to spy on influential users, such as diplomats, journalists and activists. In 2022, this spyware was discovered to be present on the devices of 60 pro-independence politicians and the president of the Spanish government, Pedro Sánchez.
Pegasus, developed by NSO Group, is high-profile spyware sold to governments around the world. It is known for its ability to infect devices running operating systems such as iOS and Android and is extremely difficult to detect. Over the years, more than 50,000 Pegasus victims have been recorded worldwide.
This spyware to other mobile phones from SMS or Whatsapp messages. The user receives a message with a link and, upon clicking, the computer virus penetrates the device and can record all messages and calls. You can also have access to the camera, microphone, GPS location, passwords stored in the device’s memory, as well as messaging applications.
Furthermore, this ‘malware’ has the ability to activate the keyboard without the user being aware of it; so the cell phone can be used against you. However, it should be noted that there is a more sophisticated version of this software that can infect mobile phones without any interaction on the part of the user.
Despite this recent update, Apple already launched an “isolation mode” last July, with which it intended to close all doors to Pegasus. This is a novelty that will only be used by a very small number of people, such as activists, politicians or journalists who are susceptible to being spied on and, thus, nip in the bud this possibility of access for spyware.