Amnesty International posts a report on NSO Group’s Pegasus software used to attack iPhones. Attacks were already used on journalists.

Attack includes zero-click iMessage exploit allowing private data access on iPhones. Currently, no clear indications on which iOS versions are affected, but it seems that iOS 14.6 is vulnerable.

NSO Group uses zero day exploits to attack iPhone and Android phones, and sells this software.

Report: Forensic Methodology Report: How to catch NSO Group’s Pegasus

Washington Post: Despite the hype, iPhone security no match for NSO spyware

Reference: Apple defends iPhone security amid NSO’s Pegasus zero-click iMessage exploit, Apple condemns Pegasus cyberattacks against journalists in new statement

Recommendations

Developer:

Beware of potential risks. Consider adding more jailbreak detection metrics to the application.

QA engineer:

Beware of potential risks.

PM/DM:

Beware of potential risks. Consider planning improvements to app data protections.