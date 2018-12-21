from the forget-the-hyperbole-it's-'not-good' dept.
Researchers call NSO zero-click iPhone exploit 'incredible and terrifying':
Google researchers have described NSO Group's zero-click exploit used to hack Apple devices as "incredible and terrifying," Wired has reported. Project Zero researchers called it "one of the most technically sophisticated exploits we've ever seen" that's on par with attacks from elite nation-state spies.
The Project Zero team said it obtained one of NSO's Pegasus exploits from Citizen Lab, which managed to capture it via a targeted Saudi activist. It also worked with Apple's Security Engineering and Architecture (SEAR) group on the technical analysis.
NSO's original exploit required the user to click on a link, but the latest, most sophisticated exploits require no click at all. Called ForcedEntry, it takes advantage of the way iMessage interprets files like GIFs to open a malicious PDF file with no action required from the victim. It does so by using old code from the 1990s used to process text in scanner images.
(Score: 2) by looorg on Sunday December 19, @05:54AM (1 child)
On par with? They more or less are one. Founders came from military intelligence and they most likely recruit heavily from such units once their tour of duty is over.
Still nice that you dont even have to click some tedious links anymore. But if that has been around from the 90's how the fuck have that not been patched yet and how is it still in use.
(Score: 0) by Anonymous Coward on Sunday December 19, @07:26AM
Because code review costs money and nobody wants that shit. "Make something customers want."
I'm quoting an old boss of mine, although in that particular instance, I was filling a feature requested by several school districts and teachers, which was, at the time, our fastest growing segment of customers. There's (several) reasons I don't work for him anymore.