Gaping iOS 14.6 iMessage security flaw saw journalists' iPhones infected with spyware
What you need to know
- A flaw in the way iOS 14.6 handles iMessages saw journalists, activists, and others have spyware installed on their devices.
- This is despite iOS 14 protections that were supposed to prevent this from happening.
Journalists, activists, and other groups around the world have seen their iPhones infected with spyware without their knowledge — and without them having to tap a thing to initiate the download. The spyware, Pegasus by NSO Group, is available commercially.
According to a report by multiple news outlets as well as Amnesty International's Security Lab, commercial hacking spyware Pegasus has been found to infect thousands of devices. The report is based on a list of 50,000 phone numbers that were thought to be of interest to clients of NSO. When security experts inspected some of the devices attached to those numbers, they found infections galore.
For its part, NSO says that none of this is anything to do with the company — pointing out that it doesn't have access to anything its customers collect via its software. As if that matters one jot.
The fact that Pegasus can be installed without the victim doing anything is of particular concern, as is the fact it still seems to be able to worm its way onto devices running iOS 14.6, as noted by MacRumors.
It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain't solving. — Bill Marczak (@billmarczak) July 18, 2021
While Apple is testing iOS 14.7 with beta testers right now, iOS 14.6 is the latest version available to everyone else. That means the best iPhone software available to the world, as of today, appears to remain vulnerable to Pegasus.
Those involved in the investigation intend to release a list of the people whose numbers appeared on the list of potential targets. It's said to include business executives, journalists, religious figures, and even government officials.
Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.