The Citizen Lab "Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains"
https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/
"In FINDMYPWN, exploitation appears to begin with the fmfd process exiting and relaunching. The fmfd process is associated with the iPhone’s built-in Find My functionality."
"The PWNYOURHOME exploit appears to be a novel two-phase zero-click exploit, with each of the two phases targeting a different process on the phone. The first phase of the exploit involves the HomeKit functionality built into iPhones (via the homed process), and the second phase of the exploit involves iMessage (via the MessagesBlastDoorService process)."
"The LATENTIMAGE exploit could also involve the iPhone’s Find My feature, as fmfd exited and re-loaded during exploitation, though we were unable to determine if it was the initial vector."
"We shared forensic artifacts with Apple in October 2022, and additional forensic artifacts regarding PWNYOURHOME in January 2023, leading Apple to release several security improvements to HomeKit in iOS 16.3.1."
"For a brief period, targets that had enabled iOS 16’s Lockdown Mode feature received real-time warnings when PWNYOURHOME exploitation was attempted against their devices. Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled."
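The quoted passages describe process-lifecycle artifacts (fmfd exiting and relaunching; homed activity followed by MessagesBlastDoorService activity) rather than the exploits themselves. The following is an added triage example, not Citizen Lab's code or tooling: it parses a constructed, simplified process-event log (the line format, timestamps and helper names are assumptions; real iOS artifacts such as a sysdiagnose use a different layout and would need their own parser feeding the same event tuples) and flags the two patterns the report singles out. An fmfd restart also happens for benign reasons, so a hit is a prompt for deeper forensic review, not proof of compromise.

```python
"""Triage heuristics for the process-lifecycle artifacts quoted above.

Added example, not Citizen Lab code. The log format is constructed for
illustration: one event per line, "<ISO timestamp> <launch|exit> <process>".
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed line format; real device artifacts need their own parser.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>launch|exit) (?P<proc>\S+)$")


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime
    event: str  # "launch" or "exit"
    proc: str


def parse_events(lines):
    """Parse constructed log lines into time-ordered ProcEvent records."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines outside the constructed format are ignored
        events.append(ProcEvent(datetime.fromisoformat(m["ts"]), m["event"], m["proc"]))
    return sorted(events, key=lambda e: e.ts)


def find_exit_relaunch(events, proc, window=timedelta(seconds=30)):
    """Exit of `proc` followed by a relaunch within `window`.

    This is the fmfd artifact the report associates with FINDMYPWN and
    LATENTIMAGE. Returns (exit_time, relaunch_time) pairs.
    """
    hits = []
    last_exit = None
    for e in events:
        if e.proc != proc:
            continue
        if e.event == "exit":
            last_exit = e.ts
        elif e.event == "launch" and last_exit is not None:
            if e.ts - last_exit <= window:
                hits.append((last_exit, e.ts))
            last_exit = None  # a later launch outside the window is not paired
    return hits


def find_two_phase(events, first, second, window=timedelta(minutes=5)):
    """Any activity in `first` followed by activity in `second` within `window`.

    Models the two-phase homed -> MessagesBlastDoorService sequence the
    report describes for PWNYOURHOME. Returns (first_time, second_time) pairs.
    """
    hits = []
    first_times = [e.ts for e in events if e.proc == first]
    for e in events:
        if e.proc != second:
            continue
        for t in first_times:
            if timedelta(0) <= e.ts - t <= window:
                hits.append((t, e.ts))
                break
    return hits


def triage(lines):
    """Run both heuristics and return human-readable findings for review."""
    events = parse_events(lines)
    findings = []
    for a, b in find_exit_relaunch(events, "fmfd"):
        findings.append(f"fmfd exit {a.isoformat()} relaunch {b.isoformat()}: "
                        "review (fmfd artifact described for FINDMYPWN/LATENTIMAGE)")
    for a, b in find_two_phase(events, "homed", "MessagesBlastDoorService"):
        findings.append(f"homed {a.isoformat()} then MessagesBlastDoorService {b.isoformat()}: "
                        "review (two-phase sequence described for PWNYOURHOME)")
    return findings


# Constructed sample log: one benign fmfd restart hours apart (not flagged),
# one rapid fmfd exit/relaunch, and a homed -> BlastDoor sequence.
SAMPLE_LOG = [
    "2022-10-05T14:02:11 launch homed",
    "2022-10-05T14:03:40 launch MessagesBlastDoorService",
    "2022-10-06T09:15:00 exit fmfd",
    "2022-10-06T09:15:02 note unrelated entry",
    "2022-10-06T09:15:04 launch fmfd",
    "2022-10-07T11:00:00 exit fmfd",
    "2022-10-07T13:30:00 launch fmfd",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The windows (30 seconds for the relaunch, five minutes for the two-phase sequence) are assumed tuning values, not figures from the report; widen them for noisy data and expect more benign hits as you do.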