https://www.bloomberg.com/news/newsletters/2022-10-13/-zero-click-spyware-emerges-as-a-menacing-mobile-threat
A journalist's iPhone silently received a command to open the Apple Music
app. Without the journalist's knowledge or interaction, the app connected
to a malicious server and downloaded spyware onto the phone that remained
there for 17 months, eavesdropping on phone calls and text messages.
The journalist was a victim of spyware manufactured by NSO Group known as Pegasus. The hack was an example of a "zero-click" attack-a method of
placing spyware on a phone without tricking a user into doing anything.
NSO has utilized at least six different zero-click exploits that were used
to covertly hack Apple iOS versions. The zero-click attacks worked by leveraging security vulnerabilities in Apple devices, in some cases sending
an iMessage that would force the phone to connect to a malicious website without user engagement. But it's not only iMessage. Flaws were exploited
in Apple's iMessage, the Apple podcast and music apps, Apple photos and an Apple Wi-Fi calling feature, the researchers found.
In stark contrast, researchers found no such flaws in the Android operating system from Google although Facebook apps like WhatsApp did have the flaws.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)