Skip to main content

Project Zero researchers: Pegasus zero-click iMessage exploit ‘one of the most technically sophisticated exploits ever’

Apple announced last month that it had filed a lawsuit against NSO Group, the company behind the advanced “Pegasus” spyware that targets iPhone and Android devices. Now, researchers at Google’s Project Zero have gone an in-depth on Pegasus, calling it “one of the most technically sophisticated exploits we’ve ever seen.”

Pegasus spyware is capable of allowing hackers to access the microphone, camera, and other sensitive data from iPhone users. While earlier versions of the spyware required users to click on a link sent via iMessage, that newest version is a zero-click exploit. This means that targeted users do not have to click or interact with the attack at all in order for it to be effective.

In an interview with Wired, Project Zeros’s Ian Beer and Samuel Gross explained:

We haven’t seen an in-the-wild exploit build an equivalent capability from such a limited starting point, no interaction with the attacker’s server possible, no JavaScript or similar scripting engine loaded, etc. There are many within the security community who consider this type of exploitation — single-shot remote code execution — a solved problem. They believe that the sheer weight of mitigations provided by mobile devices is too high for a reliable single-shot exploit to be built. This demonstrates that not only is it possible, it’s being used in the wild reliably against people.

The Project Zero researchers say that this represents one of the most sophisticated exploits ever seen:

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

You can read more from the Project Zero team in a blog post on the Google Project Zero website as well as in this interview with Wired.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications