Apple patches vulnerability exploited by NSO Group spyware

Apple released updates this week for macOS, iOS, iPadOS, and watchOS. Among other things, the company fixed a 0-day vulnerability dubbed ForcedEntry. An exploit for this vulnerability was created by the Israeli company NSO Group, which produces “legal spyware”. Since the beginning of this year, this exploit has been used to hack the phones of a number of activists.

The ForcedEntry issue was identified as CVE-2021-30860 and was an integer overflow bug in the CoreGraphics component that is used to draw 2D graphics. ForcedEntry allowed NSO Group clients to send malicious PDFs to victims’ devices and run arbitrary code on iOS and macOS, eventually leading to system hijacking and the installation of Pegasus spyware.

In reports published by Citizen Lab in August and this week, researchers said they found that ForcedEntry had been used against the iPhones of several activists in Bahrain and Saudi Arabia. Researchers believe that this exploit has been used in attacks since at least February 2021, and that NSO Group created it to bypass the BlastDoor security feature that Apple added in iOS 14 in the fall of 2020.

Citizen Lab experts point out that, judging by the logs of infected iPhones, there are two separate zero-click exploits for iMessage: Kismet, which targets devices running iOS 13.5.1, and ForcedEntry, which targets the latest devices running iOS 14.

In addition to ForcedEntry, Apple has fixed another dangerous zero-day in its products: a use-after-free vulnerability, CVE-2021-30858. This bug was discovered by an anonymous researcher and affects WebKit, the Safari browser engine.

The issue allowed attackers to create malicious pages that could lead to command execution when visited from an iPhone or macOS device. It is reported that this vulnerability was also used to attack users, but so far there are no details about these incidents.
