Vulnerability found in iPhone that could allow spyware to be installed

Citizen Lab (a structure of the University of Toronto) has discovered a vulnerability in iPhones running version 16.6 of the iOS operating system that allows Pegasus spyware from NSO Group to be installed on the device. About it it says on the laboratory website.

The identified exploit chain allowed the software to be launched without “any interaction from the victim.” “The exploit involved PassKit attachments containing malicious images sent to the victim from the attacker’s iMessage account,” the report said.

Citizen Lab said it notified Apple of the identified vulnerability and assisted the company with its investigation. Apple has added exploits to the vulnerability database, requiring users to update their devices.

Reuters citing Citizen Lab senior researcher Bill Marczak writesthat the laboratory, based on the results of forensic examination, attributes the exploit to the Israeli NSO Group. According to him, the vulnerability was discovered because “the attacker probably made a mistake.”