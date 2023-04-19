- Advertisement - Now the famous and controversial spyware pegasus on iphonethis strong digital spy is used by governments and law enforcement agencies around the world to spy on people’s devices. This spy continues to be a threat to the security and privacy of people who are of interest to the clients of NSO Groupyour Creator. In the past, Pegasus has used zero-click vulnerabilities to defeat the security of iOS 14. - Advertisement - But Citizen Laba research group at the University of Toronto working on digital security and human rights issues, has found that Pegasus it also used three zero-click exploits that affected iOS 15 and iOS 16 in Mexico in 2022. Pegasus on Iphone, new exploits in October. Exploit 1: FINDMYPWN. Exploit 2: PWNYOURHOME.

Pegasus on Iphone, new exploits in October.

Pegasus spyware on iPhone.

Exploit 1: FINDMYPWN.

Exploit 2: PWNYOURHOME.

The group discovered the new exploits in October 2022, as part of an investigation with the Mexican digital human rights organization René Defensa de los Derechos Digitales.

By examining iPhones used by human rights defenders in Mexico, all three exploits were discovered as new ways Pegasus could infect devices.

The three iPhone zero-click exploits discovered are the first to use two separate remote attack surfaces on the iPhone.

These exploits do not require the interaction of the device owner to infect them, making them a serious threat to people’s security and privacy.

Exploit 1: FINDMYPWN.

The first exploit, titled “FINDMYPWN“, it worked with iOS 15.5 and iOS 15.6 and used an fmfd process associated with find my.

With the process shutting down and relaunching, it was observed that the exploit caused an item within a cache directory associated with to be written and deleted. find my.

Relatively little information about the exploit has been released, partly because the investigation is ongoing, but also to continue the investigation.

Indicators of an infection are not published as they Citizen Lab believes that NSO Group you are making efforts to evade detection, and providing those details would help the spyware producer.

Exploit 2: PWNYOURHOME.

A second exploit called “PWNYOURHOME” is a two-stage no-click exploit, where each stage targets different processes.

In a first phase, a daemon lock was used in HomeKit, followed by downloading PNG images from iMessage which it blocks BlastDoor.

It is not clear how the exploit escapes the sandbox of BlastDoorbut the exploit is known to eventually launch Pegasus via mediaserver.

Pegasus on Iphone, HomeKit problem to Apple.

Citizen Lab revealed the problem of HomeKit to Apple, resulting in a fix in iOS 16.3.1.

It seems that the lockdown mode in iOS warns users of attempts to attack the iPhone using the exploit, by displaying notifications that a home was attempted.

However, since there is no indication that NSO has stopped deploying the exploit, it is possible that NSO You have figured out how to prevent notifications from triggering.

After discovering both exploits, a third was discovered after the team re-verified forensics of previous cases.

These exploits they are just one example of how Pegasus continues to evolve and find new ways to infiltrate devices.

It is important that users are aware of this threat and take steps to protect themselves.

For iPhone users, citizen Lab recommends updating your devices to the latest version of iOS, turning on lockdown mode, and keeping an eye out for any unusual behavior on your device.

They also suggest avoiding clicking on unknown or suspicious links and being wary of any messages or emails that seem suspicious.

In addition, human rights organizations and journalists who are most at risk of being targeted by Pegasus they must take additional steps to protect your privacy and security.

This may include the use of security software, limiting access to confidential information, and the use of secure communication tools.

Pegasus spyware on iPhone.

We can say that, Pegasus is a highly sophisticated spyware that continues to be a threat to the privacy and security of people all over the world.

The capacity of Pegasus to use zero-click exploits to infiltrate iOS devices makes it particularly dangerous, as users can be infected without ever clicking a link or downloading a file.

It is important that users are aware of this threat and take steps to protect themselves.

In addition, governments and companies must take steps to ensure the privacy and security of their citizens and customers, and must ensure that surveillance tools are used ethically and responsibly.