Highlights:
- According to researchers from Google LLC, these versions spread via a malicious message that can activate even if the user doesn’t click it.
- The malware accomplished this by exploiting a flaw in HomeKit, an iOS framework enabling users to configure smart home devices using their iPhones.
Apple Inc. has informed iPhone users in 92 countries that mercenary spyware potentially targeted their devices.
The company notified the users affected by the iPhone mercenary spyware via email and iMessage. “Apple detected that you are being targeted by a 2 that is trying to remotely compromise the iPhone associated with your Apple ID,” a warning displayed.
The company did not disclose the number of users affected or their locations. According to an online newspaper, some affected individuals are in India. Apple disclosed this week that it has issued notifications about mercenary spyware to users in over 150 countries since 2021.
Simultaneously, after sending out this week’s notifications, the company revised its support article. The page indicates that, according to Apple, the iPhone mercenary spyware attacks encompass state-backed hacking campaigns. One example of such an attack listed by the company is hacking carried out using NSO Group Ltd.’s Pegasus malware.
Some versions of Pegasus targeted victims through iMessage. According to researchers from Google LLC, these versions spread via a malicious message that can activate even if the user doesn’t click it. After infecting a device, Pegasus erases files on the victim’s iPhone that could be utilized to detect the breach.
In 2021, Apple enhanced iOS with a cybersecurity mechanism known as BlastDoor to bolster the security of iMessage. According to 9to5Mac, the feature opens messages in an isolated sandbox where malicious code cannot spread. The sandbox isolates iMessage from both other applications and the underlying operating system.
Last year, researchers discovered a new version of Pegasus that successfully bypassed BlastDoor. The malware accomplished this by exploiting a flaw in HomeKit, an iOS framework enabling users to configure smart home devices using their iPhones.
Pegasus utilized HomeKit to crash a key component of BlastDoor, thereby facilitating the spread of malware through iMessage.
Apple promptly issued a patch for the flaw shortly after it was discovered. Additionally, the company has developed a second cybersecurity feature called Lockdown Mode, designed to protect users from mercenary spyware. The feature reduces an iPhone’s attack surface by disabling software features that hackers could use to spread malware.
In the iPhone mercenary spyware alerts it sent out this week, the company stated, “Apple relies solely on internal threat-intelligence information and investigations to detect such attacks. Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously.”