Apple has updated its family of operating systems to correct a critical vulnerability affecting its devices: Macs, iPhones, iPads, and Apple Watch. It is a zero-day identified as FORCEDENTRY, and it can be exploited by the well-known Pegasus spyware.
The CVE-2021-30860 vulnerability was discovered by Citizen Lab researchers and classified as a zero-day, zero-click exploit in iMessage. With it, Pegasus can infiltrate the device without being detected to view all messages or listen to the user's calls.
Update your devices immediately
While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we found a zero-day zero-click exploit against iMessage. The exploit, called FORCEDENTRY, targets Apple’s image rendering library & was effective against Apple iOS, MacOS & WatchOS devices.
– Citizen Lab (@citizenlab) September 13, 2021
Following the Citizen Lab report, Apple acted quickly and has released updates for all of its systems. It is extremely important that all users update as soon as possible, because even though these attacks usually have very specific objectives, we don't know much about their scope.
The vulnerability is believed to have been exploited by the NSO Group since February 2021. Apple says this is an issue in WebKit, affecting macOS Big Sur, iOS, iPadOS, and Safari, which can be exploited for remote code execution if the vulnerable component processes malicious web content.
For example, Pegasus can exploit the vulnerability when a maliciously crafted PDF document is simply opened, with no need for additional user interaction.
Simply opening a maliciously crafted PDF document is enough for Pegasus to exploit the vulnerability
Pegasus has been in the headlines since August 2016 when the Citizen Lab itself, together with Lookout researchers, discovered vulnerabilities in iOS that were being exploited to spy on iPhone users.
More recently, the enormous reach of this spyware came to light: it has compromised the privacy of thousands of journalists and opponents spied on by governments around the world (including Spain). Its record ranges from its link to the murder of Jamal Khashoggi to the hacking of the Amazon CEO's phone and the attack on WhatsApp in 2019.