Apple's Emergency Patch For NSO Hack

Apple has released an emergency software patch to fix a security vulnerability that researchers have said allows hackers to directly infect iPhones and other Apple devices without any user action. Apple was not aware of the attack until researchers found evidence of it on a Saudi activist's phone. The patch fixes a major vulnerability in iMessage.

Security researchers found the vulnerability when they were investigating the potential hack of a Saudi activist’s iPhone, says Citizen Lab, a digital rights group housed at the University of Toronto's Munk School that has been analysing the Israeli NSO Group spyware. 

Malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to allow spying and remote data theft. “While analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage... The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.”

Pegasus is a powerful spyware that is capable of turning on a target’s camera and microphone to record messages, texts, emails, and calls, even if they’re sent via encrypted messaging apps. 

“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021,” says Citizen Lab.

Researchers believe the attack was carried out by a customer of NSO, the infamous Israeli company that sells spyware to dozens of governments all over the world. 

The hack relied on an unknown vulnerability, also known as a zero-day, in iMessage, which allowed the hackers to take over a target’s phone by sending them a message that was effectively invisible. These kinds of attacks are called zero-click exploits, as they don’t require the victim to click on anything. The breach was significant because the exploit worked against the latest iPhone software at the time, both iOS 14.4 and the later iOS 14.6, which Apple released in May. It also broke through new iPhone defences that Apple had embedded into iOS 14, named BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code.

Zero-click remote exploits are used to infect a device without the victim’s knowledge or the need for the victim to click on anything at all, and can be used to infect victim devices for as long as six months. They are principally used by governments, mercenaries and criminals who want to secretly monitor targets’ devices undetected.

Sources: Citizen Lab, Vice, The Register, Flipboard, Independent, Threatpost, Times Colonist
