You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
Please don't say iPhones are immune.
What's the best advice for checking iPhones for malware and removal options besides a factory restore (which I do every year).
And can iCloud store the malware so it can be reinstalled inadverently?
[Re-Titled by Moderator]
iPhone 12 Pro Max
If you sincerely believe your have it, force your phone into recovery mode and restore iOS using your computer. Do not restore a backup. Start from scratch.
If you sincerely believe your have it, force your phone into recovery mode and restore iOS using your computer. Do not restore a backup. Start from scratch.
Mate7000 wrote:
This is not about you are too important or not, it is about the vulnerability, the exploit which is available to install just by calling a number, if Pegasus can do, I am sure there would be many more to exploit this vulnerability. The point is if apple is not willing to fix then admit it publicly that our phones are just ordinary as others, the marketing gimmick of being the most secure phone should be stopped.
Log your feedback with Apple > https://www.apple.com/feedback/
In the interim, install iOS 14.7 and iPadOS 14.7.
I’d add to Mr Hoffman’s excellent analysis that preliminary information says that phones with US phone numbers cannot be infected by Pegasus, although there has been no information on why not.
Also, unless you fall into one of the target categories (journalist, government official, political activist, etc) the probability that you are targeted is close to zero (unless you live in Mexico). Remember that Pegasus is very expensive, in the hundreds of thousands of dollars. Are you really worth spying on that much?
The released information shows that up to 50,000 phones out of the over 3 billion smartphones in the world have been targeted. Based on that the probability of being a target is 0.002%, or 1 in 60,000. Your risk of getting COVID-19 is much higher that that, and is really what you should be concerned about.
Indications of compromise have not been published for the Pegasus malware, though press reports can be inferred to indicate that current apps and current software were not breached; this based on those reportedly targeted but not breached. The press reports of the Pegasus malware also indicated that infections were not persistent, but were re-introduced (as no-click exploits) as needed.
Patch to current, maintain current devices, restart.
Some information on how iPhone and iPad has been targeted have been published, and I’d expect Apple will be hardening those areas. Apple’s recently deployed “blast door” is relevant here, and I expect additional efforts will be made by Apple.
If you are a target of those with the budget for Pegasus or what other products we don’t yet know about, you will want to get explicit help with your security. This can include a number of techniques to reduce the value of your devices to those employing Pegasus, and to isolate sensitive information. The vast majority reading of those here are not targets. Criminals, political dissidents, investigative journalists, those with access to sensitive data or with access to substantial finances, are targets. As are their closest associates.
There will be increased advertising efforts toward for add-on apps that are seemingly little better than data collection packages, and for other add-on apps that cannot scan your devices for compromises, and the on-going efforts to phish our credentials and other information from us will continue apace, of course.
There was and is and will be no perfect security, and those with the budgets will continue to seek to compromise our devices, whether iPhone, iPad, macOS, Windows, Linux, or otherwise. We are already on an update treadmill with security and with security-related protocols including SSL/TLS connection security, and that treadmill will only continue.
Persistence past a reload has not been reported, and is rarely reported in other cases. Unfortunately, the no-click infections render reloading less than useful.
In short, there’s little any of us can do technically (for now), pending further information on Pegasus and/or fixes from Apple, beyond those of us that are targets partitioning our data and our activities and our device-equipped travels. This past robust and unique passwords, two-factor authentication, SSL/TLS/HTTPS everywhere, data hygiene, keeping current both with hardware and software, keeping sketchy apps off our devices, and with what Apple has previously published:
Same recommendations as before Pegasus became the centerpiece.
There will be much more happening here over the next weeks and months too, from Apple and elsewhere, as well as more information arising from press sources. And there will be the inevitable barrage of advertising around “security” apps, various of which are seemingly centrally data-harvesting or self-propagating advertising efforts.
I’ll likely publish a user tip with this and other info, as more info becomes available.
If you do publish, please share where to find it here.
Thanks for the thorough response. Is there no suggestion for checking/scanning?
I agree that most of us don't need to worry too much, but most of us should do whatever we can to keep safe and some of us need to be more vigilant for the reasons stated and more.
This is not about you are too important or not, it is about the vulnerability, the exploit which is available to install just by calling a number, if Pegasus can do, I am sure there would be many more to exploit this vulnerability. The point is if apple is not willing to fix then admit it publicly that our phones are just ordinary as others, the marketing gimmick of being the most secure phone should be stopped.
It takes time for the information to be disseminated.
Amnesty has purportedly released their tooling:
https://github.com/mvt-project/mvt
I have not yet tested this.
How to check and remove Pegasus Spyware from iPhone?
