Apple's Emergency Patch For NSO Hack

Uploaded on 2021-09-14 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Apple has released an emergency software patch to fix a security vulnerability that researchers have said allows hackers to directly infect iPhones and other Apple devices without any user action. Apple was not aware of the attack until researchers found evidence of it on a Saudi activist's phone. The  patch is to fix a major vulnerability in iMessage.

Security researchers found the vulnerability when they were investigating the potential hack of a Saudi activist’s iPhone, says Citizen Lab, a digital rights group housed at the University of Toronto's Munk School that has been analysing the Israeli NSO Group spyware. 

Malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to allow spying and remote data theft. “While analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage...  
The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.”

Pegasus is a powerful spyware that is capable of turning on a target’s camera and microphone to record messages, texts, emails, and calls, even if they’re sent via encrypted messaging apps. 

“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021” says Citizen Lab.

Researchers believe the attack was carried out by a customer of NSO, the infamous Israeli company that sells spyware to dozens of governments all over the world. 

The hack relied on an unknown vulnerability, also known as a zero-day in iMessage, which allowed the hackers to take over a target’s phone by sending them a message that was effectively invisible. These kinds of attacks are called zero-click exploits, as they don’t require the victim to click on anything.  The breach was significant because the flaws exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But the exploit broke through new iPhone defences that Apple had embedded into iOS 14, named BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. 

Zero click remote exploits are used to  infect a device without the victim’s knowledge or the need for the victim to click on anything at all and can be used to infect victim devices for as long as six months. They are principally used by governments, mercenaries and criminals who want to secretly monitor targets’ devices undetected.

Citizen Lab:    Vice:    The Register:    Flipboard:     Independent:      Threatpost:     Times Colonist:   

Image: Unsplash

You Might Also Read: 

The Spycraft Revolution:

 

« CYRIN Webinar - Stop Ransomware In Its Tracks
National Cybersecurity Failings: How Businesses Can Improve Their Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

Smokescreen

Smokescreen

Smokescreen's IllusionBLACK employs deception technology to detect, deflect and defeat advanced hacker attacks.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

Drootoo

Drootoo

Drootoo is transforming businesses and making them high performing entities with its unified cloud platform.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

CRYPTIQ

CRYPTIQ

CRYPTIQ empowers businesses to navigate the ever-evolving cybersecurity landscape with confidence and clarity.