The Stealthy iPhone Hacks That Apple Still Can't Stop - Wired

^{( August 25, 2021; Wired )}

IT'S A SHOCKING revelation: The Bahraini government allegedly purchased and deployed sophisticated malware against human rights activists, including spyware that required no interaction from the victim—no clicked links, no permissions granted—to take hold on their iPhones. But as disturbing as this week's report from the University of Toronto's Citizen Lab may be, it's also increasingly familiar.

These “zero-click” attacks can happen on any platform, but a string of high-profile hacks show that attackers have homed in on weaknesses in Apple's iMessage service to execute them. Security researchers say the company's efforts to resolve the issue haven't been working—and that there are other steps the company could take to protect its most at-risk users.

This is the nightmare scenario. The iMessage application can't be deleted from the phone, and the user doesn't have to open a message or click on a link to be compromised. To date, these zero-click attacks are rare, and typically reserved for the highest profile targets. Apple pushed to limit the iMessage risk with the use of BlastDoor, a quarantine environment for iMessage in its most recent, iOS 14 release, but this latest exploit shows that the problem still isn't fully solved.

The latest attack is referred to as Megaladon by Amnesty International or Forced Entry by Citizen Labs. At the time Wired published this source article, Apple had not yet issued a fix.

Read the rest from : The Stealthy iPhone Hacks That Apple Still Can't Stop

-h/t Bruce Schneier