Watchdog group Citizen Lab recently found two zero-day iPhone vulnerabilities that allow Pegasus spyware a way into the device. The flaws were used to spy on an.
Why it matters: Pegasus is a commercial spyware developed by Israel-based cyber-arms firm NSO Group that seemingly works to „prevent and investigate“ terror and crime. However, Pegasus is often used to track, spy, and compromise journalists, activists, political dissidents, and lawyers worldwide.
Watchdog group Citizen Lab recently found two zero-day iPhone vulnerabilities that allow Pegasus spyware a way into the device. The flaws were used to spy on an unnamed individual employed by a Washington DC civil society organization, abusing an exploit chain the researchers referred to as BLASTPASS.
The main exploit compromised PassKit, Apple’s framework designed to include the Apple Pay option in third-party apps. It used attachments containing „malicious images“ sent through the Messages app as the attack vector.