Google: NSO Spyware Is Great And Horrible


Google, through Project Zero, analyzed the NSO-built exploit that infected iOS 14.71. The Google security research team praised the exploit for its sophistication.

Google Project Zero (GPZ) calls this one of the most technically advanced exploits to date. Ian Beer and Samuel Groß called this NSO exploit great but also terrible.

According to GPZ, this exploit can emulate a computer environment inside an iOS component that handles GIFs, which basically have no scripting capabilities.

Even so, the exploit lets that iOS component run JavaScript-like code, which is then used to sneak Pegasus onto iPhones and spy on those Apple devices.

Citizen Lab, a Canadian security research institute, reported the exploit to Apple as part of its joint research with Amnesty International into the Pegasus spyware, which uses this exploit to infiltrate iPhones.

Citizen Lab then sent a sample of this zero-click exploit to GPZ for analysis. The analysis found that the exploit took advantage of the GIF file support in iMessage to deliver the spyware.

Because it uses iMessage, the perpetrator only needs to know the victim's Apple ID or phone number. Victims don't even have to click on any links to be infected by this exploit (hence the name zero-click).

"NSO used a 'fake GIF' trick to attack a loophole in the CoreGraphics PDF parser," Beer and Groß explain in their report.

Fortunately, Apple has now patched the loophole, tracked as CVE-2021-30860, by fixing the CoreGraphics component in iOS 14.8, which was released last September.
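
A defensive check suggested by the "fake GIF" trick quoted above, as an added example that is not taken from the Project Zero report or from this article: it flags attachments whose `.gif` name does not match their content. It assumes a "fake GIF" is a file named `.gif` whose bytes belong to another format such as PDF; the function names and sample bytes are constructed for illustration.

```python
from pathlib import PurePath

# Leading magic bytes for a few common image formats (well-known signatures).
MAGIC = [
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]

def sniff(data: bytes) -> str:
    """Return the format suggested by the content, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    # Many PDF parsers accept the header anywhere in the first 1024 bytes,
    # so a check limited to offset 0 would miss padded files.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"

def check_attachment(name: str, data: bytes) -> dict:
    """Compare what the file name claims with what the bytes contain."""
    claimed = PurePath(name).suffix.lower().lstrip(".")
    claimed = {"jpg": "jpeg"}.get(claimed, claimed)
    actual = sniff(data)
    return {"name": name, "claimed": claimed, "actual": actual,
            "mismatch": claimed != actual}

# Constructed sample inputs (assumption: not real attachments).
SAMPLES = [
    ("cat.gif", b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"),    # genuine GIF header
    ("funny.gif", b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"),   # PDF named .gif
    ("padded.gif", b"\x00" * 16 + b"%PDF-1.7\n"),           # PDF header after padding
    ("empty.gif", b""),                                      # no content at all
]

def scan(samples):
    """Return only the attachments whose name and content disagree."""
    results = [check_attachment(name, data) for name, data in samples]
    return [r for r in results if r["mismatch"]]

if __name__ == "__main__":
    for r in scan(SAMPLES):
        print(f"{r['name']}: named .{r['claimed']} but content looks like {r['actual']}")
```

A mismatch only says the name and the bytes disagree; it is a triage signal for a mail or messaging gateway, not a verdict on whether the file is malicious.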
