• nso

    From NewsKrawler@21:1/5 to All on Sat Oct 22 07:51:45 2022

    A journalist's iPhone silently received a command to open the Apple Music
    app. Without the journalist's knowledge or interaction, the app connected
    to a malicious server and downloaded spyware onto the phone that remained
    there for 17 months, eavesdropping on phone calls and text messages.

    The journalist was a victim of spyware manufactured by NSO Group known as Pegasus. The hack was an example of a "zero-click" attack-a method of
    placing spyware on a phone without tricking a user into doing anything.

    NSO has utilized at least six different zero-click exploits that were used
    to covertly hack Apple iOS versions. The zero-click attacks worked by leveraging security vulnerabilities in Apple devices, in some cases sending
    an iMessage that would force the phone to connect to a malicious website without user engagement. But it's not only iMessage. Flaws were exploited
    in Apple's iMessage, the Apple podcast and music apps, Apple photos and an Apple Wi-Fi calling feature, the researchers found.

    In stark contrast, researchers found no such flaws in the Android operating system from Google although Facebook apps like WhatsApp did have the flaws.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)