Apple this week released several security updates to patch the “FORCEDENTRY” vulnerability on iOS devices. The “zero-click, zero-day” vulnerability has been actively exploited by Pegasus, a spyware product developed by the Israeli company NSO Group that is known to be used against activists, journalists and prominent people around the world.
Tracked as CVE-2021-30860, the vulnerability requires little or no interaction from the iPhone user to exploit, hence the name “FORCEDENTRY”.
Found on a Saudi worker’s iPhone
In March, researchers at Citizen Lab decided to analyze the iPhone of an unnamed Saudi worker who had been targeted by NSO Group’s Pegasus spyware. They obtained an iTunes backup of the device, and a review of the dump revealed 27 copies of a mysterious GIF file in various locations. The files, however, were not images.
They were Adobe Photoshop PSD files saved with the “.gif” extension; the sharp-witted researchers determined that the files carrying the Pegasus spyware were “sent to the phone immediately before it was hacked”.
“Despite the extension, the file was actually a 748-byte Adobe PSD file. Each copy of this file caused an IMTranscoderAgent crash on the device,” the researchers explained in their report.
Because these crashes resembled behaviour the same researchers had previously seen on the hacked iPhones of nine Bahraini activists, they suspected the GIFs were part of the same exploit chain. There were also some other fake GIFs on the device; these were thought to be malicious Adobe PDFs with long file names.
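The finding above, files whose extension says GIF but whose header says otherwise, is the kind of thing a backup triage script can catch. The following is an added example, not code from the original report or from Citizen Lab’s tooling: it walks an extracted backup, reads the first bytes of every `.gif` file and flags those whose header is actually a PSD or PDF signature. The directory tree, its names and the file contents are constructed sample data.

```python
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# File signatures for the formats mentioned in the report (real magic bytes).
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "psd": (b"8BPS",),
    "pdf": (b"%PDF-",),
}


def sniff_format(data: bytes) -> Optional[str]:
    """Return the format whose signature matches the start of `data`, or None."""
    for fmt, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return fmt
    return None


def find_masquerading_gifs(root: str) -> List[Dict[str, object]]:
    """Walk an extracted backup and flag every *.gif file that does not start
    with a GIF header. One record per mismatch: path, sniffed format, size."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".gif":
            continue
        with path.open("rb") as fh:
            head = fh.read(16)  # signatures above are all within 16 bytes
        actual = sniff_format(head)
        if actual != "gif":
            hits.append({"path": str(path.relative_to(root)),
                         "actual_format": actual or "unknown",
                         "size": path.stat().st_size})
    return hits


def build_sample_backup() -> str:
    """Constructed sample tree (not a real backup): one genuine GIF, one PSD
    saved as .gif in the pattern the report describes, one PDF saved as .gif."""
    root = Path(tempfile.mkdtemp(prefix="backup_"))
    att = root / "Attachments"  # constructed directory name
    att.mkdir()
    (att / "real.gif").write_bytes(b"GIF89a" + b"\x00" * 20)
    (att / "fake.gif").write_bytes(b"8BPS" + b"\x00" * 744)   # 748 bytes, constructed
    (att / "doc.gif").write_bytes(b"%PDF-1.7\n" + b"\x00" * 40)
    return str(root)


if __name__ == "__main__":
    for hit in find_masquerading_gifs(build_sample_backup()):
        print(hit)
```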
Citizen Lab disclosed the vulnerability and the exploit code to Apple, which assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes it as “processing a maliciously generated PDF could lead to arbitrary code execution”, the report’s authors explained.
The researchers say the vulnerability has been remotely exploited by NSO Group since at least February 2021 to infect the latest Apple devices with Pegasus spyware.
Apple has issued several security advisories
Yesterday, Apple released several security updates to fix CVE-2021-30860 in macOS, watchOS and iOS. Apple says the vulnerability could be exploited by “processing maliciously generated PDFs”, giving an attacker code execution.
“Apple is aware of a report that this issue may be actively exploited,” Apple wrote in one of the advisories, without releasing any further information on how the flaw can be exploited.
iPhone and iPad users should install the latest OS versions, iOS 14.8 and iPadOS 14.8, to fix the defect. Mac users should upgrade to Catalina 2021-005 or macOS Big Sur 11.6. Apple Watch wearers should be getting watchOS 7.6. All versions prior to these releases are at risk.
Another arbitrary code execution vulnerability in the Safari browser was reported by an anonymous researcher. Tracked as CVE-2021-30858, the use-after-free vulnerability was also fixed by an update released in Safari 14.1.
“We all possess highly sophisticated personal tools that have profound implications for personal privacy. There are many examples of [these risks], such as app data collection, which Apple has recently moved to curb with its App Tracking Transparency framework,” Jesse Rothstein, CTO and co-founder of network security firm ExtraHop, told Ars. “Any sufficiently sophisticated system has security vulnerabilities that can be exploited, and mobile phones are no exception.”
“Pegasus shows how unknown vulnerabilities can be exploited to access highly sensitive personal information,” Rothstein said. “The NSO Group is an example of how governments can essentially outsource or buy weaponized cyber capabilities. In my view, it’s no different than an arms deal–it’s not regulated that way. Companies always have to address their vulnerabilities, but regulations will help prevent some of these cyber weapons from being misused or falling into the wrong hands.”