Researchers at Citizen Lab, a digital research unit with the University of Toronto, have found a new zero-click iMessage exploit used to infect iPhones belonging to Catalan politicians, journalists, and activists with NSO Group’s Pegasus spyware between 2017 and 2020.
The exploit, dubbed “Homage,” was used in a campaign that targeted at least 63 individuals, including Catalan Members of the European Parliament (MEPs), Catalan presidents, and Catalan legislators, jurists, journalists, and members of civil society organizations and their families. The previously undisclosed iOS zero-click vulnerability affects some iOS versions before iOS 13.2.
The Citizen Lab said it has not found evidence that the Homage exploit was used against devices running iOS 13.1.3 or later.
“The HOMAGE exploit appears to have been in use during the last months of 2019, and involved an iMessage zero-click component that launched a WebKit instance in the com.apple.mediastream.mstreamd process, following a com.apple.private.alloy.photostream lookup for a Pegasus email address,” the researchers wrote. “The WebKit instance in the com.apple.mediastream.mstreamd process fetched JavaScript scaffolding that we recovered from an infected phone.”
The research team has reported its findings to Apple and provided the company with relevant forensic artifacts. The researchers say there is no evidence that the latest versions of iOS are vulnerable to the Homage exploit.