Pegasus is a spyware developed by the private Israeli cyberarms firm NSO Group and can be remotely installed on Android and IOS devices.

It uses multiple vulnerabilities including zero-click exploits which can run without any user interaction. Once installed it can read all contacts, call logs, messages, photos and access most applications including imessage, gmail, viber, facebook, WhatsApp and Skype.

The NSO group carried out the attacks by simply sending malicious text messages to targeted Apple users. These messages were actually Adobe PSD files that crashed the iMessage component responsible for automatically rendering images.  After the crash it was able to deploy the Pegasus surveillance tool automatically without any user interaction.

The Pegasus spyware was discovered in 2016 after a failed installation attempt on the iPhone of a human rights activist. But it took until recently to find the exact vulnerability it uses to install itself without any user interaction. Now that this information is public, any hacker can use this knowledge for their own agenda.

Apple fixed these recent vulnerabilities in their latest update of iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6 and Safari 14.1.2.

Laminar recommends applying any critical security updates immediately.

Links:

https://en.wikipedia.org/wiki/Pegasus_(spyware) https://techcrunch.com/2021/08/24/nso-pegasus-bahrain-iphone-security/ https://www.hivepro.com/apple-fixes-the-zero-day-vulnerabilities-exploited-by-pegasus-spyware-named-forcedentry/