From Ars Technica:
Apple has patched three high-severity iOS vulnerabilities that are being actively exploited to infect iPhones so attackers can steal confidential messages from a large number of apps, including Gmail, Facebook, and WhatsApp, security researchers said Thursday.
The spyware has been dubbed Pegasus by researchers from mobile security provider Lookout; they believe it has been circulating in the wild for a significant amount of time. Working with researchers from University of Toronto-based Citizen Lab, they have determined that the spyware targeted a political dissident located in the United Arab Emirates and was launched by a US-owned company specializing in computer-based exploits. Based on the price of the attack kit—about $8 million for 300 licenses—the researchers believe it’s being actively used against other iPhone users throughout the world.
“Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile—always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists,” Lookout and Citizen Lab researchers wrote in a blog post. “It is modular to allow for customization and uses strong encryption to evade detection.”
After the exploits surreptitiously jailbreak a target’s iPhone, Pegasus immediately starts trawling through a wealth of its resources. It copies call histories, text messages, calendar entries, and contacts. It’s capable of activating the cameras and microphones of compromised phones to eavesdrop on nearby activities. It can also track a target’s movements and steal messages from end-to-end encrypted chat apps.
As Ars has reported, Apple has already issued updates that patch the three vulnerabilities that make the infections possible. While …