Today’s iOS 14.8 update addresses a critical vulnerability exploited by Israel’s NSO Group’s Pegasus spyware. Recall that the German authorities have recently admitted to purchasing this product.
Last week, Citizen Lab informed Apple about a new iMessage vulnerability targeting the image rendering library. Called FORCEDENTRY, this exploit allows attackers to hack iPhone, iPad, Apple Watch and Mac by sending a special message to the victim’s device via iMessage. Of particular concern is the fact that no user confirmation action is required to exploit the vulnerability.
FORCEDENTRY is actively used by the Israeli NSO Group’s Pegasus spyware. Citizen Lab researchers discovered the vulnerability after analyzing the jailbroken iPhone of a Saudi Arabian activist. The details were sent to Apple on September 7th, and it took the company a week to close the security hole. According to Citizen Lab, the FORCEDENTRY vulnerability has been exploited since at least February 2021.
Apple, while describing the fix, reports on the CVE-2021-30860 vulnerability, which can be exploited by a malicious PDF file to execute arbitrary code on a device.
In July of this year, there were many reports in the media about the iMessage vulnerability, which allows you to get full access to the device without the user’s knowledge. Later, a database containing data from more than 50 thousand people who became victims of the Pegasus software was leaked to the network. Pegasus spyware is notable for its ability to bypass BlastDoor, a messaging sandbox designed to prevent such attacks.
Now iPhone users are safe again. Apple says it will add a number of new spyware barriers to the final version of iOS 15 to keep iPhone users free of privacy concerns.