A Zero-Click Vulnerability Is Exploited by NSO Spyware

Citizen Lab researchers have discovered two independent Pegasus malware campaigns that targeted the prime minister’s office and other official UK government networks, as well as the Catalan presidents and members of civil society organizations.

What Happened?

Citizen Lab’s digital threat experts have identified a new zero-click iMessage attack that may be used to install NSO Group malware on iPhones belonging to Catalan lawmakers, journalists, and activists, according to the company.

HOMAGE is a previously undiscovered zero-click security issue in iOS that affects various versions of the operating system prior to iOS 13.2 (the latest stable iOS version is 15.4).

We identified evidence of HOMAGE, a previously-undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.

— Citizen Lab (@citizenlab) April 18, 2022

Between 2017 and 2020, HOMAGE was used in a campaign that targeted at least 65 individuals with NSO’s Pegasus spyware, alongside the Kismet iMessage attack and a WhatsApp issue, according to the report published by the researchers.

We saw evidence that multiple zero-click iMessage exploits were used to hack Catalan targets’ iPhones with Pegasus between 2017 and 2020.

We have identified signs of a zero-click exploit that

Read More: https://heimdalsecurity.com/blog/a-zero-click-vulnerability-is-exploited-by-nso-spyware/