The leaked database of Amnesty International revealed that iPhones running iOS 14.6 contain a zero-click iMessage exploit which could have been used to install Pegasus software on the devices of the targeted entities.
Citizen Lab also previously discovered an exploit known as KISMET which allowed the installation of Pegasus software for the purposes of complete surveillance.
Though the exploit was patched through an urgent software update released by Apple, it apparently remains dormant until a zero-click is fired.
Citizen Lab researcher Bill Marczak had said that Apple still has a major problem with iMessage’s security even after the patch, which included the BlastDoor Framework as part of the iOS 14 update.
Apple's BlastDoor Framework is supposed to make zero-click exploitation more difficult, thereby making the installation of the Pegasus spyware less likely. However, the BlastDoor Framework may not be working as intended.
Marczak had also said that there has been “a dozen” high-severity bugs in Apple’s ImageIO.
However, clarification came from the iPhone maker over the issue. Condemning the cyberattacks, Head of Apple Security Engineering and Architecture Ivan Krstić said in a press release that such breaches usually are not a risk to the majority of its customers and that the US main is including new protections for its units in order to safeguard the information on them.
“Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market,” Krstić said in a press release published on Monday.
Despite these assurances, experts believe that Apple might take a hit in the market due to the breach.
Talking to Sputnik, Cyber Security Expert Dinesh O Bareja said: “This is the second time that the myth about the security of the Apple iPhone has been broken. Earlier it happened last year when it [Apple] refused to decrypt a phone of a terrorist for the FBI and then the latter [FBI] managed to do it on its own.”
“Now anybody who is now going to buy an iPhone thinking it is secured will have a second thought in mind. The government agencies are anyways moving out of the open-source of public phones. This will hit the reputation of Apple because the invincibility factor is no more there,” he added.
Bareja further said that now more people will try to do research on the vulnerability of the iPhones as high net worth Individuals usually use them.
However, Prabhu Ram, Head-Industry Intelligence Group (IIG), CyberMedia Research (CMR) said that it may not impact the average user.
Ram told Sputnik: “When it comes to cyber threats, the race to discover, to exploit any device vulnerability, and install malicious spyware is an ongoing endeavour.”
“For Apple, ensuring security and privacy is an always-on process, and I believe it will continue to invest in that direction. Over the past few years, Apple has prioritised security and privacy as key business differentiators of the iPhones. With each successive generation of the iPhone, Apple has continued to beef-up its moat by introducing new security features,” he stated.