Apple Rolls Out Emergency iOS Fix For Spyware Hack Costing Millions To Develop
By Ell Ko, 14 Sep 2021
Image via ID 132055542 © Prykhodov | Dreamstime.com
Apple has just released an urgent software update for its devices to fix a vulnerability that has been exploited by surveillance software.
A gap in iMessage allowed hackers to access a user’s phone without the user having to click on any links. It was exploited by Pegasus, spyware developed by Israeli firm NSO Group that allows for the surveillance of journalists and human rights advocates across the world.
CNN reports that the NSO Group had said that its software was only developed and sold to “vetted” customers for law enforcement or to combat terrorism. However, previous evidence has indicated that it has been used against journalists for years.
In a statement, Ivan Krstić, head of Apple Security Engineering and Architecture, details that attacks like these are “highly sophisticated” and can cost millions of dollars to develop despite their “short shelf life.” They’re most commonly used to specifically target an individual.
This one in particular was created to keep watch over a Saudi activist, who chooses to remain anonymous. A team from the Citizen Lab of the University of Toronto was investigating their Pegasus-infected phone when they discovered this flaw.
Dubbed ‘FORCEDENTRY’, it was a zero-day, zero-click exploit that targeted Apple’s image rendering library across iOS, iPadOS, macOS, and watchOS.
When made aware of this, Apple rolled out the new software update—14.8 for iOS and iPadOS—and described the impact as “processing a maliciously crafted PDF [that] may lead to arbitrary code execution.” The company also states that it is “aware of a report that this issue may have been actively exploited.”
Although the software was made to target one person and a majority of users shouldn’t face any specific threat, Krstić and the Citizen Lab still recommend that the update be downloaded immediately for enhanced security.
More details about this update and another security fix, alongside a list of compatible devices, can be found on Apple’s update report.
NEW REPORT
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit captured in the Wild https://t.co/IrtsNRVPGS
— Citizen Lab (@citizenlab) September 13, 2021
[via CNN]