Spyware Pegasus made by NSO Group is famous as an effective spy tool, and is often criticized by many because it endangers privacy and security.
Now the spyware is back in action, namely to spy on nine activists from Bahrain from June 2020 to February 2021. Researchers from Citizen Lab found that Pegasus is still very effectively used to spy on its victims.
In fact, the victim uses an iPhone that is already using iOS 14, aka the latest version of iOS -- iOS 15 is still in the beta testing stage at this time.
Called effective because Pegasus can still function in a 'zero-click', aka the victim does not need to do anything like clicking links and the like to get infected with the spyware.
This Pegasus attack uses a zero-click exploit against iMessage. The victim doesn't have to do anything to get infected. One of the exploits used here is called KISMET and was first discovered in 2020.
But there is still another loophole that can be used to break into Apple's security system called Blastdoor. Citizen Lab calls this exploit FORCEDENTRY.
Citizen Lab found that this Pegasus attack was successfully carried out on iPhones with the latest iOS, they also said that iOS 14.4 and 14.6 confirmed that Pegasus could still be uprooted.
Apple has now updated iOS to version 14.7.1, which provides a security update. It is not known whether the update is intended to patch this loophole that Pegasus exploits.
But what is clear is that Apple is aware of this problem and they will introduce better security protections when they release iOS 15.
Regarding the victims who are activists in Bahrain, Citizen Lab believes that four of the nine activists were targeted by the Bahraini government, which has been recorded as using Pegasus since 2017.
