Latentimage

LatentImage is a software vulnerability discovered by Citizen Lab, identified as the third zero-click exploit used by NSO Group in 2022. This flaw was found on a single target's phone and is believed to be the first new exploit deployed by the NSO Group that year. Similar to two other exploits uncovered by Citizen Lab, namely FINDMYPWN and another variant of LatentImage, it appears to involve the iPhone's Find My feature. However, it constitutes a different exploit chain than FINDMYPWN. The discovery of LatentImage took place in January 2022, with the exploit being active on iOS 15. The researchers at Citizen Lab found this third zero-click exploit to be distinct from the previous two, although all three were utilized to exploit the same iPhone feature. These findings resulted from an extensive investigation into the activities of NSO Group, an organization known for its development and deployment of sophisticated cyber-espionage tools. Citizen Lab's investigation further revealed that NSO Group was hired to use these exploit chains, including LatentImage, to deploy Pegasus spyware against human rights groups in Mexico. One of these groups, Centro PRODH, represents families accusing the Mexican military of abuses. This revelation has led to legal action, with Apple suing NSO Group for its use of these vulnerabilities to compromise the security and privacy of iPhone users.