A new targeted zero-click attack defeated both iOS 14.4 and the later release of iOS 14.6. The Pegasus hacking tool became prominent when it was used to hack iPhones and smartphones owned by a number of human rights activists and journalists. It appears that NSO managed to include a new zero-click attack that impacted newer versions of iOS.
The attack was a zero-click version, in that it didn’t require any interaction by the victim to infect the iPhone. The attack employed a previously unknown vulnerability in iMessage, which then enabled Pegasus to be installed on the iPhone.
The hack was significant for two reasons. First, it successfully exploited the latest iOS release at the time, iOS 14.4, as well as the later update to iOS 14.6. Second, the attack defeated BlastDoor, a security feature Apple introduced in iOS 14 to mitigate malicious data in iMessage. Because it defeated BlastDoor, the researchers named the hack ForcedEntry.
The researchers informed Apple of the exploit they had discovered, though Apple declined to say whether it had discovered and fixed the underlying vulnerability.
Following the discovery of widespread hacking with the tool, which used exploits in various Apple software to install the spyware, NSO Group’s actions have been condemned by various parties, including Apple itself. A tool based on the Mobile Verification Toolkit created by Amnesty International can be used to detect evidence of a Pegasus intrusion.