Apple urged all users to update their devices after a group of researchers from the University of Toronto’s Citizen Lab warned that the Israeli spyware company NSO Group had developed a way to take control over nearly any Apple computer, watch, or iPhone.
Apple has now released an emergency software update in iOS 14.8 and urging its users to update their devices including iPhones, Mac computers, and Apple Watches as soon as possible after learning of “Zero-click exploit”.
“Apple is aware of a report that this issue may have been actively exploited,” the company said on its website Monday.
A report published by a group of researchers from the University of Toronto’s Citizen Lab said it has detected “zero-day zero-click exploit against iMessage” which it calls “forcendentry” or “forced entry”.
“Zero-click exploit” means spyware can be deployed without the person even clicking on a link or a file.
Devices affected by CVE-2021-30860 per Apple:
All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.
The group published a report about it Monday.
Recent re-analysis of the backup yielded several files with the “.gif” extension in Library/SMS/Attachments that the group determined were sent to the phone immediately before it was hacked with NSO Group’s Pegasus spyware, the Citizen lab said.
The report released by the Citizen lab summarized as below:
- While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.
- We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.
- The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
- Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge readers to immediately update all Apple devices.
Meanwhile, as Citizen Lab researcher John Scott-Railton told the New York Times, whoever is behind the exploit can do “everything an iPhone user can do on their device and more” once it’s infected. This includes tracking any texts or emails sent, any calls made and switching on a device’s camera without the user’s knowledge. Even if those communications happen over an encrypted app, like Signal or Telegram, NSO can still harvest that data and pass it back to their clientele, the Times reports.
A group of researchers in March 2021 examined the phone of a Saudi activist who has chosen to remain anonymous and determined that they had been hacked with NSO Group’s Pegasus spyware. During the course of the analysis the lab obtained an iTunes backup of the device, the Citizen Lab said.
A global media for the latest news, entertainment, music fashion, and more.
