Google researchers have described NSO Group's zero-click exploit used to hack Apple devices as "incredible and terrifying," Wired has reported. Project Zero researchers called it "one of the most technically sophisticated exploits we've ever seen" that's on par with attacks from elite nation-state spies.
The Project Zero team said it obtained one of NSO's Pegasus exploits from Citizen Lab, which managed to capture it via a targeted Saudi activist. It also worked with Apple's Security Engineering and Architecture (SEAR) group on the technical analysis.
NSO's original exploit required the user to click on a link, but the latest, most sophisticated exploits require no click at all. Called ForcedEntry, it takes advantage of the way iMessage interprets files like GIFs to open a malicious PDF file with no action required from the victim. It does so by using old code from the 1990s used to process text in scanner images.
Once inside a device, the malware can set up its own virtualized environment and run javascript-like code, with no need to connect to an outside server. From there, it gives an attacker access to a victim's passwords, microphone, audio and more. The exploit is extremely hard to detect and is "a weapon against which there is no defense," Project Zero researchers said.
https://www.engadget.com/google-rese...6.html?src=rss
Researchers call NSO zero-click iPhone exploit 'incredible and terrifying'
18th December 2021, 05:24
Researchers call NSO zero-click iPhone exploit 'incredible and terrifying' 
