Apple's Emergency Patch For NSO Hack

Apple has released an emergency software patch to fix a security vulnerability that researchers say allows attackers to infect iPhones and other Apple devices directly, without any user action. Apple was not aware of the attack until researchers found evidence of it on a Saudi activist's phone. The patch fixes a major vulnerability in iMessage.

Security researchers found the vulnerability when they were investigating the potential hack of a Saudi activist’s iPhone, says Citizen Lab, a digital rights group housed at the University of Toronto's Munk School that has been analysing the Israeli NSO Group spyware. 

Malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to allow spying and remote data theft. “While analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage... The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.”

Pegasus is a powerful spyware that is capable of turning on a target’s camera and microphone to record messages, texts, emails, and calls, even if they’re sent via encrypted messaging apps. 

“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021,” says Citizen Lab.

Researchers believe the attack was carried out by a customer of NSO, the infamous Israeli company that sells spyware to dozens of governments all over the world. 

The hack relied on a previously unknown vulnerability in iMessage, known as a zero-day, which allowed the attackers to take over a target’s phone by sending a message that was effectively invisible to the victim. These kinds of attacks are called zero-click exploits because they don’t require the victim to click on anything. The breach was significant because the exploit worked against the latest iPhone software at the time, iOS 14.4 and the later iOS 14.6, which Apple released in May. The exploit also broke through the new iPhone defences Apple had embedded into iOS 14, named BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code.

Zero-click remote exploits infect a device without the victim’s knowledge and without the victim clicking on anything at all, and can be used to infect victim devices for as long as six months. They are principally used by governments, mercenaries and criminals who want to monitor targets’ devices undetected.

Sources: Citizen Lab, Vice, The Register, Flipboard, Independent, Threatpost, Times Colonist

Image: Unsplash
