The Israeli NSO Group’s spy software Pegasus is sold to dictatorships around the world and recently hit the headlines after Amnesty International revealed that it had been used to hack iPhones belonging to journalists, activists, politicians and lawyers in various countries. Now Citizen Lab at the University of Toronto has discovered a new vulnerability that bypasses Apple’s BlastDoor security measures.
Citizen Lab has discovered a previously unknown vulnerability that has been used to hack iPhones running both iOS 14.4 and 14.6 (each the latest version of the system at the time of the hack). Crucially, the newly discovered security flaw also bypassed BlastDoor, which Apple added in iOS 14 as a way to prevent iMessage hacks by filtering malicious data.
BlastDoor processes incoming messages and attachments in so-called sandboxes. The idea is that incorrectly formatted data, which is often used to circumvent security protections, should only be able to crash the sandbox and not spread to the rest of the system.
The problem is that NSO Group’s developers have found (or paid for the discovery of) a way to break out of that sandbox and then get around other security systems to finally take full control of the system and spy on the user.
Citizen Lab researchers made the discovery when they examined an iPhone belonging to a human rights activist in Bahrain. The phone showed signs of having been hacked several times since February 2021.
Apple was informed about the attacks earlier this summer, but it is unknown whether this particular vulnerability has been fixed in iOS 14.7.1, which was recently released and is believed to contain fixes for the other vulnerabilities that Pegasus has exploited up to and including iOS 14.6.
This article originally appeared on Macworld Sweden. Translation by Karen Haslam.