Pegasus Spyware Resurfaces with Newly Revealed Zero-Click Vulnerability

On September 13, The Citizen Lab revealed new research surrounding the Pegasus spyware campaign, presenting further details around their discovery of a zero-click vulnerability targeting Apple devices across the entire endpoint ecosystem.

In response to the disclosure, Apple has released security updates for all their devices from mobile to desktop. With Zimperium’s machine learning detection of exploits like Pegasus, Zimperium customers have been protected even before the disclosure.

The zero-click vulnerability, part of the set of vulnerabilities nicknamed ForcedEntry, takes advantage of how iMessage renders images: the file is opened without the user ever interacting with it. This is similar to the Stagefright vulnerability discovered by Zimperium in 2015. Attackers can use this exploit to deliver a malicious PDF to targeted victims and remotely infect devices with spyware. The information from The Citizen Lab also shows this attack vector has been active since February of this year.

This vulnerability, like others discovered throughout the mobile ecosystems, continues to highlight these always-connected devices as high-value targets, packed full of personal, private, and critical information. And as the lines continue to blur between mobile and traditional devices with information shared between systems in unison, it is as imperative as ever to have a robust, advanced security solution covering all devices.

Zimperium urges all users to update their Apple devices to the latest versions. Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and a security update for macOS Catalina to address this recent vulnerability (CVE-2021-30860).

Spyware Like Pegasus vs. Zimperium

Zimperium zIPS customers continue to remain protected against Pegasus with our zero-day, on-device z9 Mobile Threat Defense machine learning engine. There are no signatures for advanced spyware like Pegasus, and therefore defenses must be based on machine learning.

The Zimperium zLabs team has conducted a technical analysis of the research provided, showing the zIPS mobile threat defense solution detects and protects mobile customers in real-time from the exploitation of the device, without any updates.

Zimperium is here to help all enterprises, whether current customers or not. Please contact us today to learn more and ensure your mobile devices are protected.

About Zimperium

Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against device, network, phishing, and malicious app attacks. For more information or to schedule a demo, contact us today.

The post Pegasus Spyware Resurfaces with Newly Revealed Zero-Click Vulnerability appeared first on Zimperium Mobile Security Blog.
