Israeli spyware company NSO Group claims its multi-million dollar surveillance tool, dubbed Pegasus, canextract data from services like Google Drive or iCloudvia infected iPhones. Thankfully, Amnesty International’s new tool can check if your phone runs Pegasus spyware.
If you’re worried that your iPhone might’ve been infected with Pegasus, don’t.
How to check iPhone for Pegasus spyware
But we understand that this explanation may not be satisfactory and that you may be interested in confirming that your iPhone has not been infected with the Pegasus spyware. If so, Amnesty International has released a tool to do just that.
→How to fix the “Waiting for activation” issue in iMessage and FaceTime
While the process is a bit technical and involves Terminal, Xcode and such, it’s not too complicated. Basically, you must first back up your iPhone to a separate computer before you can run NSO’s tool which will go to work and check your device backup for signs of infection.
For more info, read a write-up byThe VergeandAmnesty International’s instructions.
How Pegasus infects iPhones via iMessage exploits
But up until recently, we were in the dark as to how the software actually infects devices.
It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain’t solving.
— Bill Marczak (@billmarczak)June 27, 2025
As major news organizations revealed in a big scoop based on findings by the Amnesty International, NSO’s surveillance software can be injected remotely on a target device via an iMessage that doesn’t even produce a notification nor does it require any action from the user.
This apparently takes advantage not only of zero-day exploits but also vulnerabilities in the iMessage protocol caused by Apple’s use of common data-parsing libraries known for memory leaks. Apple’s attempted to fix this by adding a firewall system to iMessage, called BlastDoor.
I promise you@Applehas no idea how deep the iceberg of targeted iOS malware goes. Not by a long shot. They’ve just accepted it as an unremarkable inevitability and we can’t.
— J. A. Guerrero-Saade (@juanandres_gs)August 15, 2025
While BlastDoor was designed to segment incoming iMessage content in case it contained malicious links or code, it hasn’t managed to stop these attacks at all. Making matters worse are exploits in other parts of the operating system, like the ImageIO framework which provides, among other things, image-parsing features for JPEG and GIF files.
But if Apple wants to plug those problematic holes in the iMessage system, then we’re afraid the company has no other choice but gradually rewrite iMessage from scratch using either proven libraries or write its own libraries for safe parsing of incoming content.
