This was an exploit chain that relied on a flaw in WhatsApp to more easily deliver a malicious payload to the underlying iOS device (for CVE-2025-43300) but don't think that the core exploit used here isn't accessible via Signal, FB Messenger, Threema, etc. Messaging apps are by far the highest risk attack surface for mobile since all an attacker needs for your device to process a malicious payload is your email address or phone #. So for those saying "down with WhatsApp", your favourite messenger is likely at risk too until you update iOS. If you received a threat notification from Meta, reach out to the team running the Am I Secure? app on the App Store.

Forbes article recommends Am I Secure? tool on the App Store for finding spyware https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fd...

Numbers Station messaging app for iOS generates keys in Secure Enclave for encrypting all stored messages (to ensure encrypted data cannot be copied and password brute forced off device, cracking would have to occur on device) and combines that key with a user password for access to stored messages and the app. Whenever app is backgrounded, key is wiped from memory and user has to reenter password. Stops Cellebrite and Graykey from accessing messages even when they unlock the device. Signal data at rest of course can be fully accessed by both.

Whenever I post on slashdot it converts apostrophes to â(TM), I forgot and used apostrophes before I posted, does not happen in any other program or web site. I see it happens to other users on Slashdot as well (search Google for "slashdot.org itâ(TM)s") . Weird.

Usually itâ(TM)s the delivery of a malicious payload via an instant messaging app like iMessage, Signal, WhatsApp, etc. iMessage gets all the attention but all of them are at risk since the vulnerabilities are in the operating system and can be reached via any of those messenger apps, itâ(TM)s not actually a vulnerability in the messaging app thatâ(TM)s the issue. Your device receives the message and automatically starts processing it which triggers the exploit. You never see the new message notification or message itself since the attacker already controls your device before it would get to that point and deletes it. Check out the Am I Secure? app on the App Store, has good advice on protecting your device. Iâ(TM)m a subscriber to their scanning service since they already caught some attacks against their users. https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.numbersstation.app... Can also happen via a link to a malicious web site (although thatâ(TM)s more obvious and easier to avoid) as well as network injection where an attacker has network level access and simply steers your device to malicious websites even when you go to a legitimate one.

A company (see link below) caught someone hacking iOS devices with intellectual property theft as their goal, so in line with your third thought. Could still be China of course, IP theft is kind of their thing, but perhaps corporate attacker too. https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.numbersstation.app...

Sysdiagnose for macOS is more extensive than for iOS, the privacy warnings arenâ(TM)t the same. But yeah, definitely privacy concerns with macOS version.

Almost every new iOS security update is triggered by the latest vulnerabilities found and exploited by the developer of Pegasus, the NSO Group, or another spyware vendor. So they keep finding new ways in.

Apple routinely suggests users share such data with app developers for finding the cause of issues. This is different from an iTunes backup which would definitely contain private data.

With iOS that is your only option unfortunately. Given how infrequent forensic analysis is though, so far no implants are making any attempt to hide themselves. They try and ensure that the sensitive exploit chain that delivered them is wiped but that involves simply deleting objects from specific on device databases typically versus modifying numerous logs. Unsure if so far it is not worth their while or if attempting to modify logs as they are captured introduces system instability which makes it more likely a victim will become concerned.

That's in part why this app (https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fid6468312814) can catch even unknown implants/spyware. It is not the implant that is the ultra sophisticated part but it is of course the part that causes you harm and invades your privacy.

The implant itself, so Pegasus, doesnâ(TM)t need to change as often as the exploits used to deliver it to the victimâ(TM)s device. Those need to change every time they get caught and Apple or Google issue new security updates. Pegasus itself isnâ(TM)t particularly impressive, itâ(TM)s how they get it on your device that is.

Not sure why youâ(TM)re suggesting analyzing system diagnostic data wouldnâ(TM)t be a worthwhile exercise to detect spyware. Not familiar with cyber security much?

For iOS and uses a new technique no other apps are using, you share iOS system diagnostic data with the app so it can access it outside of the app sandbox and it analyses that. Other apps pretend to check but canâ(TM)t due to app sandboxing. Called Am I Secure? on the App Store https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fid6...

Itâ(TM)s because back in June or July the same company was offering $2M for a full exploit chain, now itâ(TM)s a range of $200K to $20M but presumably a full chain is the $20M. Hence 10x in the article. Itâ(TM)s all BS though, no way they are paying that much. Likely they take your exploit and run, paying out nothing, not like anyone is going to complain that a company in a sanctioned country (Russia) that it is illegal to do business with in the first place stole their money! Theyâ(TM)re usually looking for exploits targeting messaging apps so I use one for iOS called Numbers Station (www.numbersstation.app) that quarantines messages that could contain those types of exploits. Stops NSO Group ones too.