Apple has issued a software patch to block so-called “zero-click” spyware that could infect all Apple devices, including iPhones. Researchers at Citizen Lab at Toronto University found the glitch, which allows hackers to access devices via the iMessage service even without users clicking on a file or a link.
Citizen Lab said it had high confidence that the Israeli firm NSO Group was behind the attack. NSO was recently identified as a provider of hacking software used by governments to spy on politicians, journalists and activists.
Citizen Lab summarized its findings:
- While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.
- We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.
- The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
- Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge readers to immediately update all Apple devices.
In conclusion, the Citizen Lab said:
“Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating “despotism-as-a-service” for unaccountable government security agencies. Regulation of this growing, highly profitable, and harmful marketplace is desperately needed.”
“Our finding also highlights the paramount importance of securing popular messaging apps. Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them. As presently engineered, many chat apps have become an irresistible soft target. Without intense engineering focus, we believe that they will continue to be heavily targeted, and successfully exploited”, Citizen Lab said.
In a statement to the Reuters news agency, NSO did not comment on Citizen Lab's assertion that it was behind the new hack, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”.