The Canadian research team Citizen Lab found that attackers had managed to infiltrate people’s iPhones and infect them with military-grade spyware Pegasus.
Pegasus is very nasty by the way – it can access the camera of the device, listen to calls, send messages, and record conversations.
Basically, if it got onto the wrong phone – or any phone – there could be big trouble.
Versions of this incredibly dangerous software have been used to target journalists, politicians, and one has reportedly even been discovered on a device within Boris Johnson’s computer network.
The latest exploit used to upload Pegasus to devices was uncovered by the folks at Citizen Lab, a digital research team based at the University of Toronto.
Pegasus was used on iPhones that were owned by activists, journalists, and politicians in Catalunya in late 2019 and early 2020.
Writing in a blog post, Citizen Lab said that the previously unknown security flaw, which has been called HOMAGE, can affect some devices running any version of iOS before iOS 13.2.
That’s good news, because the current version is 15.4, so anyone using a later version will probably be OK for now, as Apple appears to have patched the issue in versions of iOS after 13.2.
Citizen Lab said: "Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3.
"It is possible that the exploit was fixed in iOS 13.2.
"We are not aware of any zero-day, zero-click exploits deployed against Catalan targets following iOS 13.1.3 and before iOS 13.5.1."
Attacks have seen Catalan Members of the European Parliament targeted, as well as every single Catalan President since 2010.
Citizen Lab has given their findings over to Apple in the hope that they’ll investigate and help find the source of the attacks, although they did suggest a suspect.
In their post, they continued: "At this time the Citizen Lab is not conclusively attributing these hacking operations to a particular government.
"However, a range of circumstantial evidence points to a strong nexus with one or more entities within the Spanish government."
Still, Catalan diplomat or not, we all need to be as safe as possible out there.
The internet is a huge and dangerous place, at times.