Citizen Lab discovers new spyware used against Apple

Apple has issued a software patch to block so-called “zero-click” spyware that could infect all Apple devices, including iPhones. Researchers at Citizen Lab at Toronto University found the flaw, which allows hackers to access devices via the iMessage service without users even clicking on a file or a link.

Citizen Lab said it had high confidence that the Israeli firm NSO Group was behind the attack. NSO was recently identified as a provider of hacking software used by governments to spy on politicians, journalists and activists.

Citizen Lab summarized its findings:

  • While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.
  • We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.
  • The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
  • Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge readers to immediately update all Apple devices.

In its conclusions, Citizen Lab said:

“Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies. Regulation of this growing, highly profitable, and harmful marketplace is desperately needed.”

“Our finding also highlights the paramount importance of securing popular messaging apps. Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them. As presently engineered, many chat apps have become an irresistible soft target. Without intense engineering focus, we believe that they will continue to be heavily targeted, and successfully exploited”, Citizen Lab said.

In a statement to the Reuters news agency, NSO did not comment on Citizen Lab's assertion that it was behind the new hack, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”.

Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.
