Special Report: Apple Issues Emergency Updates After Citizen Lab Discovers Zero-Day, Zero-Click Exploit Against iMessage
Citizen Lab researchers say that the exploit delivers Pegasus spyware from NSO, FORCEDENTRY exploit likely in use since March leaving Apple products vulnerable to surveillance by NSO customers
While examining the phone of a Saudi activist last March, security researchers at CitizenLab discovered a novel zero-day, zero-click exploit against iMessage they call FORCEDENTRY (CVE-2021-30860). The exploit targets Apple’s image rendering library and is effective against Apple iOS, MacOS, and WatchOS devices.
The researchers determined that notorious Israeli spyware company NSO used the exploit to implant its Pegasus surveillance software into Apple devices. Using the zero-click method, Pegasus can control the user’s camera and microphone and can access content on devices, including recorded messages, texts, emails, and calls, even content that was sent and received over encrypted connections.
CitzenLab believes the zero-day exploit, which is invisible to users by requiring no action on their part, was in use since at least March of this year, leaving billions of Apple products vulnerable to surveillance by NSO’s customers, many of which are despotic governments.
However, Ivan Krstić…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.