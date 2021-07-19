With the recent reports around alleged targeting of individuals using the Israel-made Pegasus spyware, Amnesty International has dropped a major bombshell. It claims that even iPhones running on latest software may be susceptible to intrusion through a zero-click iMessage vulnerability.

As reported by 9to5mac, Amnesty International has analysed device logs to make the revelations. It suggests that Android and iPhone devices have been targeted using the Pegasus software from July 2014, and even currently in July 2021. The report lists several different variants of Pegasus used over the years.

Findings in the latest report suggests the presence of active exploits which are targeting iPhones running on the latest iOS 14.6. The highlight is a hacking method where a zero-click vulnerability in iMessage is exploited to install the Pegasus software without any action needed on the part of the user. The news is alarming for iPhone users.

While Apple has updated its software and fixed vulnerabilities time and again to counter the threat from spyware, it is alleged that Pegasus has also adapted with its creator NSO group able to find alternative security loopholes to hack into iPhones.

Apart from iMessage, the report claims that malicious actors have exploited bugs in other Apple apps and services like iCloud Photo Stream and Music app. It goes on to claim that Pegasus spyware is currently being installed on iPhones and iPads running iOS 14.3, iOS 14.4 and iOS 14.6 using a zero-click iMessage exploit.

iOS 14.7 is scheduled to be publicly available from this week. It remains to be seen if Apple is successful in fixing the bug that Amnesty International believes is currently being used to target iPhone users.