Apple's Emergency Patch For NSO Hack

Uploaded on 2021-09-14 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Apple has released an emergency software patch to fix a security vulnerability that researchers have said allows hackers to directly infect iPhones and other Apple devices without any user action. Apple was not aware of the attack until researchers found evidence of it on a Saudi activist's phone. The  patch is to fix a major vulnerability in iMessage.

Security researchers found the vulnerability when they were investigating the potential hack of a Saudi activist’s iPhone, says Citizen Lab, a digital rights group housed at the University of Toronto's Munk School that has been analysing the Israeli NSO Group spyware. 

Malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to allow spying and remote data theft. “While analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage...  
The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.”

Pegasus is a powerful spyware that is capable of turning on a target’s camera and microphone to record messages, texts, emails, and calls, even if they’re sent via encrypted messaging apps. 

“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021” says Citizen Lab.

Researchers believe the attack was carried out by a customer of NSO, the infamous Israeli company that sells spyware to dozens of governments all over the world. 

The hack relied on an unknown vulnerability, also known as a zero-day in iMessage, which allowed the hackers to take over a target’s phone by sending them a message that was effectively invisible. These kinds of attacks are called zero-click exploits, as they don’t require the victim to click on anything.  The breach was significant because the flaws exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But the exploit broke through new iPhone defences that Apple had embedded into iOS 14, named BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. 

Zero click remote exploits are used to  infect a device without the victim’s knowledge or the need for the victim to click on anything at all and can be used to infect victim devices for as long as six months. They are principally used by governments, mercenaries and criminals who want to secretly monitor targets’ devices undetected.

Citizen Lab:    Vice:    The Register:    Flipboard:     Independent:      Threatpost:     Times Colonist:   

Image: Unsplash

You Might Also Read: 

The Spycraft Revolution:

 

« CYRIN Webinar - Stop Ransomware In Its Tracks
National Cybersecurity Failings: How Businesses Can Improve Their Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

Secure-NOK

Secure-NOK

Secure-NOK provides products and solutions that detect and remove security attacks and harmful events in industrial networks and control systems.

Emsisoft

Emsisoft

Emsisoft protects your devices against all types of malware, ransomware and other threats with no-bloat anti-malware & antivirus solutions.

CyberArts

CyberArts

CyberArts is founded on the belief that every single organization deserves and requires the creme de la creme when there is a need for Cyber services.

Absolute IT Asset Disposals

Absolute IT Asset Disposals

Absolute IT Asset Disposals is an IT asset disposal (ITAD) company providing safe and secure recycling of IT assets.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Visium Technologies

Visium Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

Binary Defense

Binary Defense

Binary Defense protect businesses of all sizes through advanced cybersecurity solutions including Managed Detection and Response, Security Information and Event Management and Counterintelligence.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

IgmGuru

IgmGuru

Igmguru offers certification online training courses for IT professionals and students. Get certified with high-in-demand job-oriented professional courses.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.