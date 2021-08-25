A new zero-click Pegasus attack against a human right activist has managed to bypass Apple’s BlastDoor protections, a report from security researchers at Citizen Lab has said. The attack, launched on a Bahraini human rights activist was taken out earlier this year. The researchers at Citizen Lab said that the spyware from NSO Group defeated new security protections that Apple has designed to withstand covert compromises. The activist whose iPhone was attacked is a member of the Bahrain Center for Human Rights - an award winning NGO that promotes human rights in the Gulf region.

Citizen Lab analysed the activist’s iPhone 12 Pro and found evidence that it was hacked starting in February using a so-called “zero-click" attack since it does not require any user interaction to infect a device. The zero-click attack took advantage of a previously unknown vulnerability in Apple’s iMessage, which was exploited to push Pegasus on the activist’s phone. The hack is significant as it bypasses iOS 14‘s BlastDoor security feature that is supposed to prevent these kind of covert attacks on iPhones by filtering malicious data sent over iMessage. The researchers are calling the attack ForcedEntry due to its ability to bypass BlastDoor.

Previously, a zero-click Pegasus attack against journalists, human rights activists, and more had prompted Apple to release a security update in iOS 14.7.1, which was widely believed to be a fix for that exploit. Researchers at Citizen Lab say that the method of this attack is different.

Apple, in a response to 9to5Mac, re-sent the same statement that it had sent the last time, and did not comment on if iOS 14.7.1 protects against these kind of attacks. The statement condemns the attack, and says that the risk is low for most customers.

Read all the Latest News, Breaking News and Coronavirus News here