
bogdanw

macrumors 603
Original poster
Mar 10, 2009
6,099
3,011
The Citizen Lab "Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains"
https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/

"In FINDMYPWN, exploitation appears to begin with the fmfd process exiting and relaunching. The fmfd process is associated with the iPhone’s built-in Find My functionality."

"The PWNYOURHOME exploit appears to be a novel two-phase zero-click exploit, with each of the two phases targeting a different process on the phone. The first phase of the exploit involves the HomeKit functionality built into iPhones (via the homed process), and the second phase of the exploit involves iMessage (via the MessagesBlastDoorService process)."

"The LATENTIMAGE exploit could also involve the iPhone’s Find My feature, as fmfd exited and re-loaded during exploitation, though we were unable to determine if it was the initial vector."

"We shared forensic artifacts with Apple in October 2022, and additional forensic artifacts regarding PWNYOURHOME in January 2023, leading Apple to release several security improvements to HomeKit in iOS 16.3.1."

"For a brief period, targets that had enabled iOS 16’s Lockdown Mode feature received real-time warnings when PWNYOURHOME exploitation was attempted against their devices. Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled."
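The recurring artifact in the quoted report is a sensitive daemon (fmfd, homed, MessagesBlastDoorService) exiting and relaunching, with PWNYOURHOME touching two of them in sequence. The script below is an added illustration of how a defender could triage process-lifecycle records for that shape; it is not code from the original post or from Citizen Lab. It assumes a simplified, constructed line format ("timestamp process exit|launch [code=N]"); real iOS sysdiagnose and unified-log output looks different and needs its own parser.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Daemons the Citizen Lab report names as exiting/relaunching during exploitation.
WATCHED = {"fmfd", "homed", "MessagesBlastDoorService"}

# Constructed line format for this example: "<ISO timestamp> <process> <exit|launch> [code=N]".
# This is an assumption of the example, not a real iOS log format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proc>\S+)\s+(?P<event>exit|launch)(?:\s+code=(?P<code>-?\d+))?$"
)


@dataclass
class Event:
    ts: datetime
    proc: str
    event: str
    code: Optional[int]


def parse(lines):
    """Parse constructed log lines into Event records, skipping anything unrecognised."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code = int(m["code"]) if m["code"] is not None else None
        events.append(Event(datetime.fromisoformat(m["ts"]), m["proc"], m["event"], code))
    return events


def find_relaunches(events, window=timedelta(seconds=30)):
    """(proc, exit_ts, launch_ts) for every watched daemon that exited and came back within window."""
    hits, last_exit = [], {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.proc not in WATCHED:
            continue
        if e.event == "exit":
            last_exit[e.proc] = e.ts
        elif e.event == "launch" and e.proc in last_exit:
            exit_ts = last_exit.pop(e.proc)
            if e.ts - exit_ts <= window:
                hits.append((e.proc, exit_ts, e.ts))
    return hits


def cluster(hits, gap=timedelta(minutes=5)):
    """Group relaunches whose exit timestamps fall within gap of the previous one."""
    clusters, current = [], []
    for h in sorted(hits, key=lambda x: x[1]):
        if current and h[1] - current[-1][1] > gap:
            clusters.append(current)
            current = []
        current.append(h)
    if current:
        clusters.append(current)
    return clusters


def triage(lines):
    """One dict per cluster; two_phase marks clusters that span more than one watched daemon."""
    report = []
    for c in cluster(find_relaunches(parse(lines))):
        procs = [h[0] for h in c]
        report.append({"start": c[0][1], "relaunches": c, "two_phase": len(set(procs)) > 1})
    return report


# Constructed sample, not real device output: a homed relaunch followed shortly by a
# MessagesBlastDoorService relaunch (the two-phase shape), plus benign noise.
SAMPLE = [
    "2022-10-01T10:00:00 fmfd launch",
    "2022-10-01T10:15:02 homed exit code=11",
    "2022-10-01T10:15:04 homed launch",
    "2022-10-01T10:16:30 MessagesBlastDoorService exit code=11",
    "2022-10-01T10:16:31 MessagesBlastDoorService launch",
    "2022-10-01T12:00:00 SpringBoard exit code=0",   # not a watched daemon
    "2022-10-01T12:00:01 SpringBoard launch",
    "2022-10-02T09:00:00 fmfd exit code=0",
    "2022-10-02T09:30:00 fmfd launch",               # 30 min later: outside the relaunch window
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for c in triage(SAMPLE):
        kind = "two_phase" if c["two_phase"] else "single"
        print(c["start"], kind, [h[0] for h in c["relaunches"]])
```

On the constructed sample this reports a single two-phase cluster (homed, then MessagesBlastDoorService) and ignores the fmfd restart half an hour later. Daemons also restart for benign reasons (crashes, updates, memory pressure), so a hit is a prompt for a full forensic review of the device's logs, not evidence of compromise on its own.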