A library found on iPhone and iMac maybe is going to Alarm the TSCM community, if you are going in the file system, you can find the folder:
group.com.apple.PegasusConfiguration
So a lot of Apple users are asking if there are victim about the NSO Pegasus Spyware, but no, it is totally normal.
It is an Apple Framework with most files installed on the Read Only partition of the drive where no one can add or change any of the files.
The specific folder usually is empty and in some case there’s the user activityies log, so this fact alarmed people who believed that the log was the data exfiltrated by the famous spyware.
We think it is safe, Apple would not be installing Pegasus Spyware on your system, but there’s not any description by Apple on this. Why should they name it like that: Pegasus. It will creates confusion.
The name it self will not to be considered a problem, because the word “Pegasus” was in use for hundreds of years prior to it being assigned to a nefarious piece of software. And certainly the mere mention of the word is not an issue.
And looking back, this library is named in some old Apple OS, before the NSO release the malware, so we can say that it’s all safe.