iPhones of at least 36 Al Jazeera employees using a no-user-interaction zero-day vulnerability in the iOS iMessage app.
Attack with Medium Confidence:
The iPhones of Al Jazeera employees were hacked, including those of journalists, producers, anchors, and executives, along with that of a journalist at London-based Al Araby TV.
The cause was a no-user-interaction zero-day vulnerability in the iOS iMessage app.
Citizen Lab researchers say with “medium confidence” that two attackers who spied on the phones of Al Jazeera journalists were doing so on behalf of the Saudi Arabian and UAE governments.
“The phones were compromised using an exploit chain that we call Kismet,” the researchers write.
Moreover, the attacks date back to at least October 2019.
And in July 2020, it was a zero-day attack.
Importantly, the Kismet exploit tool worked against Apple’s latest devices (i.e., iPhone 11 running iOS 13.5.1).
According to the report, “We noticed that on 19 July 2020, his phone visited a website that we had detected in our internet scanning as an Installation Server for NSO Group’s Pegasus spyware.
However, it is used in the process of infecting a target with Pegasus.”
For many years, Pegasus was known for the telltale malicious links sent to targets via SMS.
Importantly, Pegasus was used by Saudi authorities — a crime against journalism.
In addition, journalists have been arrested, disappeared, or even killed due to this spyware. Khashoggi is just one example.”
The exploit described by the Citizen Lab team fails to work on iPhones running iOS 14, the latest version.
Users should update to this version immediately, the researchers said.
A spokesman for Apple added that iOS 14 was “a major leap forward” in protecting against such attacks.