On Monday, Apple issued an emergency software update for a vulnerability in its products after security researchers found a flaw that allowed the Israeli NSO Group to hack iPhones, Apple Watches and Mac computers without so much as a click from the victim.
After Citizen Lab, the cybersecurity watchdog at the University of Toronto, found that a Saudi activist's phone had been attacked with an advanced version of the NSO Group's spyware, Apple's security team worked around the clock to fix the issue.
The spyware, called Pegasus, uses a novel method to infect devices invisibly, without the victim's knowledge. Known as a "zero-click remote exploit", it is considered especially dangerous because it lets anyone operating the spyware take over a target's phone without tipping them off at all: there is no link to tap and no attachment to open, so the usual advice about not clicking on suspicious messages offers no protection.
Once installed, Pegasus can turn on the user's camera and microphone, record messages, texts, emails and calls, including those sent through encrypted messaging and calling apps (end-to-end encryption does not help once the device itself is compromised, since the spyware reads the content after it has been decrypted on the phone), and send everything back to NSO's clients at governments around the world.
In March 2021, Citizen Lab analysed the phone of a Saudi activist, who the researchers say wishes to remain anonymous, to determine whether it had been compromised by the NSO Group's spyware. According to the researchers, a recent analysis of an iTunes backup of the device showed several files with the extension ".gif" in Library/SMS/Attachments, which the Lab said had been sent to the phone immediately before the NSO Group breached it.
According to the researchers, the format of the files matched two types of crashes they had previously observed on another phone that had been hacked with Pegasus. They suspected that the ".gif" files contained parts of the exploit chain, which the Lab named FORCEDENTRY.
After the discovery, the Lab forwarded its findings to Apple on Tuesday, September 7, and Apple confirmed on September 13 that the files contained a zero-day exploit against iOS and macOS. Apple assigned the FORCEDENTRY exploit CVE-2021-30860 and described it as "processing a maliciously crafted PDF may lead to arbitrary code execution." Despite the ".gif" extension, then, the attachments were not GIF images at all: the vulnerable code was selected by what the bytes contained, not by what the file name claimed, which is why a forensic check of a backup has to look at the content of each attachment rather than its extension.
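The triage Citizen Lab describes above, scanning the SMS attachments in an iTunes backup for files whose bytes do not match their ".gif" name, as an added Python example; it is not Citizen Lab's own tooling and not part of the original article. It assumes the iOS 10 and later backup layout (Manifest.db is an SQLite database with a Files table, fileID is the SHA-1 of "domain-relativePath", and each file is stored at <backup>/<first two hex digits of fileID>/<fileID>); the sample backup it builds is constructed for the demonstration, with one genuine GIF and two disguised files.

```python
"""Flag iMessage attachments in an iTunes/Finder backup whose content does not
match their extension (e.g. a ".gif" that is really a PDF or PSD).

Assumptions (this script's own, not taken from the article): iOS 10+ backup
layout, i.e. Manifest.db is SQLite with a Files(fileID, domain, relativePath,
flags, file) table, fileID = SHA-1("<domain>-<relativePath>"), and each file
sits at <backup>/<fileID[:2]>/<fileID>. The sample backup is constructed.
"""
import hashlib
import os
import sqlite3
import tempfile

# Leading bytes of the formats worth distinguishing here. "8BPS" is Adobe PSD.
MAGIC = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
    b"8BPS": "psd",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}
EXT_ALIAS = {"jpg": "jpeg"}  # extensions that name the same format


def sniff(head: bytes) -> str:
    """Identify a file by its leading bytes, ignoring the file name entirely."""
    for magic, fmt in MAGIC.items():
        if head.startswith(magic):
            return fmt
    return "unknown"


def file_id(domain: str, rel: str) -> str:
    """fileID used by the backup to name the on-disk copy of a file."""
    return hashlib.sha1(f"{domain}-{rel}".encode()).hexdigest()


def find_mismatched_attachments(backup_dir: str):
    """Return sorted (relativePath, claimed_ext, sniffed_format) for every
    SMS attachment whose bytes disagree with its extension."""
    con = sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))
    rows = con.execute(
        "SELECT fileID, relativePath FROM Files "
        "WHERE domain = 'MediaDomain' "
        "AND relativePath LIKE 'Library/SMS/Attachments/%'"
    ).fetchall()
    con.close()
    hits = []
    for fid, rel in rows:
        path = os.path.join(backup_dir, fid[:2], fid)
        if not os.path.isfile(path):  # directory rows have no blob on disk
            continue
        with open(path, "rb") as fh:
            head = fh.read(16)
        ext = os.path.splitext(rel)[1].lower().lstrip(".")
        if not ext:
            continue
        if sniff(head) != EXT_ALIAS.get(ext, ext):
            hits.append((rel, ext, sniff(head)))
    return sorted(hits)


def build_sample_backup(root: str) -> str:
    """Constructed sample backup: one real GIF and two disguised attachments."""
    samples = {
        "Library/SMS/Attachments/1a/10/IMG_0001.gif": b"GIF89a" + b"\x00" * 32,
        "Library/SMS/Attachments/2b/11/a1b2c3.gif": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
        "Library/SMS/Attachments/3c/12/d4e5f6.gif": b"8BPS\x00\x01" + b"\x00" * 20,
    }
    con = sqlite3.connect(os.path.join(root, "Manifest.db"))
    con.execute(
        "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
        "relativePath TEXT, flags INTEGER, file BLOB)"
    )
    for rel, data in samples.items():
        fid = file_id("MediaDomain", rel)
        con.execute(
            "INSERT INTO Files VALUES (?, 'MediaDomain', ?, 1, NULL)", (fid, rel)
        )
        os.makedirs(os.path.join(root, fid[:2]), exist_ok=True)
        with open(os.path.join(root, fid[:2], fid), "wb") as fh:
            fh.write(data)
    con.commit()
    con.close()
    return root


def demo():
    """Build the constructed backup and return the mismatches found in it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        return find_mismatched_attachments(tmp)


if __name__ == "__main__":
    for rel, ext, fmt in demo():
        print(f"{rel}: named .{ext}, content is {fmt}")
```

On a real backup, point `find_mismatched_attachments` at the backup directory (the one containing Manifest.db); an encrypted backup must be decrypted first, which this example does not do. A hit is only a lead, not proof of compromise, but a PDF or PSD delivered under a ".gif" name in the message attachment store is exactly the kind of anomaly that started the FORCEDENTRY investigation.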
The exploit works by triggering an integer overflow in CoreGraphics, Apple's 2D graphics and image-rendering framework; Apple's advisory describes the fix as addressing the integer overflow "with improved input validation". Integer overflows in file parsers typically arise when dimensions or lengths read from the file are multiplied to size a buffer, so that a wrapped-around result allocates a buffer far smaller than the data later written into it, and the resulting memory corruption is what an attacker turns into code execution.
The discovery meant that all of Apple's roughly 1.65 billion active devices worldwide were exposed to attack by the NSO Group's spyware until they were patched, a serious escalation in the cybersecurity arms race.
On Monday, Apple released the fix and urged users to install the latest updates so that the fixes take effect: iOS 14.8 (and iPadOS 14.8), macOS Big Sur 11.6 and watchOS 7.6.2.