首页 - Security - Main Content

Apple's HomeKit Vulnerability Exploited by Spy Agencies; Specific Details Yet to Be Disclosed

The notorious Israeli commercial spyware developer, NSO Group's Pegasus spyware, was recently discovered to be used in attacks against two Serbian iPhone users. It is almost certain that the newly exploited vulnerability by NSO involves Apple's smart home service suite, HomeKit.

It is noteworthy that this attack was proactively detected by Apple, which means Apple actively notified these two Serbian users upon detecting potential threats. Subsequently, these users contacted professional organizations to analyze their iPhones.

Pegasus spyware by NSO Group can infect the target user's iPhone by just sending an iMessage, without requiring any interaction from the user or sending any notifications.

However, the vulnerability related to iMessage has been fixed. This time, NSO seems to have exploited a new vulnerability, using a HomeKit flaw to complete the attack.

After analysis by the professional organization, it was confirmed that both infected iPhones were receiving data from two different iCloud email addresses, both controlled by NSO.

This is not the first instance of hackers utilizing HomeKit vulnerabilities for attacks. Similar attacks had also occurred in India before. It is confirmed that Apple is aware of the vulnerability and has likely deployed defensive measures, but the specific details of the flaw have not yet been disclosed.

It remains unclear who is behind the attacks on these two Serbian users. The shadowy figure used NSO's Pegasus spyware for the attack, which is why Pegasus is known as commercial spyware.

HomeKit(3)iMessage(2)NSO Group(1)Pegasus(2)spyware(2)Vulnerability(25)

Copyright Notice:
Thank you for reading. This article was written by Landian News, and the author is Brook.X. If you wish to repost this article, please include a link to the original: https://landian.news/article/4587.html

{{userData.name}}

Apple's HomeKit Vulnerability Exploited by Spy Agencies; Specific Details Yet to Be Disclosed

Apple Launches iOS 18.3 Beta 1 with New Support for Vacuum Robots in Smart Home App

Researchers Find Downgrade Vulnerability in Windows 10/11 that Can Restore Previously Fixed High-Risk Vulnerabilities

Apple's Push for Enhanced Security: New iMessage Encryption Feature Spotted in iOS 16.6 Beta

The Unimaginable Reach of Israel's Pegasus Spyware: 7 Infections Detected Among 2,500 Checks

Cisco Discovers Multiple Security Issues in Office for Mac, Microsoft Deems Them Non-Issues and Refuses Fixes

Google Decides to Shut Down the Google Play Security Reward Program by the End of September Due to Fewer Bug Submissions

Developers Create Proof of Concept for Windows IPv6 Vulnerability, Paralyzing Devices with Specially Crafted Packets

Windows Downdate: A Research Tool That Could Turn Into a Hacker's Weapon

Google Updates Chrome Blog, Reveals Another High-Risk Vulnerability Exploited by Hackers, Now Fixed

Windows TCP/IP Vulnerability Draws Industry Attention: Remote Code Execution Possible with Specially Crafted IPv6 Packets

[Download] Free Virtual Machine Software VMware Workstation Pro v17.6.2 Official Release - No Activation Required

MAS v2.9 Update: Your All-In-One Solution to Windows/Office Activation Issues

Microsoft Adds Red Hat's RHEL to the Official WSL Support, Allowing Corporate Customization

[Updated] The Importance of Data Backup: European Cloud Company Hetzner Deletes All Servers and Data of a Client Without Warning

Linux Kernel 6.13 to Support Display of Stuck Task Counts, Aiding Administrators in Fault Diagnosis

Ubuntu 20.04 LTS Support Nearing End: Upgrade or Subscribe to ESM for Updates

Elementary OS 8 Released: Aiming to Replace Windows and macOS

OpenAI Expands ChatGPT Collaboration: New IDE and Terminal Tool Integrations

Linux Kernel 6.13 First Release Candidate (RC1) Launched with Multiple New Features and Improvements