Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware
- Thread starter MacRumors
- Start date
- Sort by reaction score
Doubt it.
Sadly this group will just move onto utilising their next undisclosed zero-click discovery. I'm sure they have plenty saved in the bag, and will continue adding to it. Nobody is safe if they want to target you, regardless of patches.
Maybe it took a while to fix the specifics of this hack? What damage are you referring to?
And now the BIG question.
Does the patch only prevent it from happening, or does it block what is already on the phone?
Or do we now need to figure out how to remove it?
Does the patch only prevent it from happening, or does it block what is already on the phone?
Or do we now need to figure out how to remove it?
I’d argue we have to assume the software has been installed on every single iOS and Mac device in existence today. Removal Of such software could only be done by Apple. If they decide to not publish that, we may never know. The least this patch can do is blocking the exploit.
Question, how urgent do I need to download this update? From my understanding, a PDF download is what triggers this exploit? So if I have not downloaded and opened a PDF file from a dodgy website, I should be fine, is that how it works?
Im just confused because I have only been using my phone to visit social media, firefox, and a few trusted apps, and nothing else.
Im just confused because I have only been using my phone to visit social media, firefox, and a few trusted apps, and nothing else.
Reminds me of apple unwilling to outcompete government or institutions payments to security researchers choosing To notify apple security bugs before selling them off.
If apple needs public exposure To fix every single security bug, the iOS in and out of itself, will no longer be able to secure our data, jailbroken or not, especially since user cannot remedy those security issues themselves without turning off the device.
If apple needs public exposure To fix every single security bug, the iOS in and out of itself, will no longer be able to secure our data, jailbroken or not, especially since user cannot remedy those security issues themselves without turning off the device.
That exploit might be triggered whether you download PDF or not. I’m not transferring PDF through iMessage either, but Apple can choose to not fully disclose the exploits capability, leaving us somewhat in the dark, probably for the safety of general public as well.
Last edited:
I think there are in progress lawsuits over past hacks. Country? US (NSO has US offices I think) or Israel.
Cause? Selling exploits that are then used for "evil" purposes, violating laws on hacking user data, etc.
Here's one from 2019 over a Whatsapp exploit:
NSO Group lawsuit (re hacking WhatsApp users) - Business & Human Rights Resource Centre
www.business-humanrights.org
Google, Microsoft and some other tech companies have joined Facebook's pending lawsuit over NSO's Whatsapp breach. Why Apple isn't joining in I don't know. They'd certainly have standing after the recent news ...
Microsoft and Google join Facebook’s legal fight against infamous spyware vendor
NSO Group argues it should benefit from sovereign immunity.
www.theverge.com
With the number of exploits coming in through iMessage vulnerabilities, it is reminiscent of Flash. Apple may need to refactor the iMessage code base with security in mind from the ground up. I am not sure specifically what Apple is doing from a development side on iOS 15, but it needs work.