Citizen Lab says it found evidence of ForcedEntry on an activist's iPhone and the exploit worked on iPads, Macs, and Watches as well, prior to recent updates
Citizen Lab says the ForcedEntry flaw affects all iPhones, iPads, Macs and Watches — Apple has released security updates … Source: The Citizen Lab .
TechCrunch Zack Whittaker
Related Coverage
- Israeli spyware firm targeted Apple devices via iMessage, researchers say The Guardian · Stephanie Kirchgaessner
- Apple Cyber Flaw Allows Silent iPhone Hack Through iMessage Wall Street Journal · Robert McMillan
- View article CNET
- View article Reuters
- View article HotHardware.com News
- Apple rushes to block ‘zero-click’ iPhone spyware BBC · Joe Tidy
- Security, Supply Chain Issues Overshadow Apple's Annual Product Debuts PYMNTS.com
- View article Trusted Reviews
- View article Security Boulevard
- View article Apple Must
- Apple releases emergency update: Patch, but don't panic Malwarebytes Labs
- Apple issued a patch to the FORCEDENTRY flaw as experts urge acting fast cybernews.com · Vilius Petkauskas
- Apple Releases iOS 14.8: Unprecedented Security Update Heralds New iPhone Feature Forbes · David Phelan
- iPhone, iPad, Apple Watch, Mac Users ‘Highly Vulnerable’ To Invasive Spyware; Apple Issues Emergency Update International Business Times · Nica Osorio
- Apple releases emergency updates for iOS, iPadOS, macOS and watchOS 7.6.2 to prevent Pegasus spyware gHacks Technology News · Ashwin
- Update your Apple devices NOW, because ‘Pegasus’ is loose TNW · Ivan Mehta
- Apple is about to unveil the new iPhone and other gadgets. New York Times
- Apple releases iOS 14.8 to fix new zero-click exploit allegedly used by NSO Group XDA Developers · Mahmoud Itani
- Why Does Apple Need You to Update Your Device Immediately? MUO · Gavin Phillips
- Apple Releases Urgent Patch Following Discovery of Pegasus Spyware infosecurity-magazine.com · James Coker
- Apple patches ForcedEntry vulnerability used by spyware firm NSO ComputerWeekly.com · Alex Scroxton
- Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860) Help Net Security · Zeljka Zorz
- Apple issues urgent security patch for Pegasus backdoor on all devices Silicon Republic · Jack Kennedy
- iOS 14.8 closes FORCEDENTRY zero-click exploit linked to Pegasus spyware SlashGear · JC Torres
- Apple updates software to address NSO Group ‘Forcedentry’ exploit SiliconANGLE · Duncan Riley
- Apple Releases Emergency iOS 14.8, iPadOS 14.8 Patch To Fix Pegasus Exploit Ubergizmo · Tyler Lee
- NSO Group iMessage Zero-Click Exploit Captured in the Wild The Citizen Lab
- Apple Issues Emergency Security Updates to Close a Spyware Flaw New York Times · Nicole Perlroth
- New Pegasus hack found targeting Apple devices through iMessage, researchers say Washington Post
- Apple Security is Garbage—Change My Mind Security Boulevard · Richi Jennings
- Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers The Economic Times
- Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware The Hacker News · Ravie Lakshmanan
- I've installed the new Apple updates. Have you? Philip Elmer‑DeWitt · Philip Elmer-DeWitt
- About the security content of iOS 14.8 and iPadOS 14.8 Apple Support
- Apple Patches Zero-Click iMessage Hack Used by NSO VICE · Lorenzo Franceschi-Bicchierai
- Apple Rushes Out Emergency Update to Stop ‘No Click’ Spyware Bloomberg
- Apple security updates Apple Support
- Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware The Register · Thomas Claburn
- iOS 14.8 update is out — why it's critical for iPhone users Laptop Mag · Kimberly Gedeon
- Apple Issues Critical Patch To Fix Security Hole Exploited By Spyware Company Associated Press
- September 2021 iOS, iPadOS, watchOS, macOS, and Safari security update brings spyware fix Huawei Central · Amy Sarkar
- Apple Pushes Out Security Update For iPhone, iPad, Mac, Apple Watch: Why You Should Update Urgently Benzinga
- iPhone users need to update to iOS 14.8 right now Trusted Reviews · Gemma Ryles
- Apple issues urgent iPhone software update to address critical spyware vulnerability CNN · Sean Lyngaas
Discussion
-
@racheltobac
Rachel Tobac
on x
Big Apple 0-day in the wild. If you have an elevated threat model (activist, journalist, being harassed, in the public eye, etc) would recommend updating software on all Apple devices within the hour, if possible. All folks with all threat models, by EOD. https://techcrunch.com/.…
-
@shanehuntley
Shane Huntley
on x
Since at least February, NSO, provider of choice to repressive regimes, has been able to silently take over any iPhone/Mac with a zero click exploit. Great find by Citizen Lab and good work by Apple to patch, but it shows how far away we all are from any real security. https://tw…
-
@ericgeller
Eric Geller
on x
Apple just fixed a serious vulnerability in iOS that Citizen Lab discovered being used to spy on a Saudi activist, possibly through NSO Group software. The “zero-click” hack relied on an invisible message containing a malicious PDF. https://www.vice.com/... https://support.apple.…
-
@drewharwell
Drew Harwell
on x
@citizenlab ... More news here: Amnesty's Security Lab has continued testing phones, and at least 10 of the 15 new confirmed infections / attempts were on the #PegasusProject list https://www.washingtonpost.com/ ... Human-rights activist and princess ally among the hacked: https:…
-
@bidar411
Musadiq Bidar
on x
Apple commends @citizenlab for helping it quickly develop an urgent patch to address a critical spyware vulnerability Statement from Apple's head of Security Engineering and Architecture, Ivan Krstić: https://twitter.com/...
-
@theclemreport
Clem
on x
Heads up for the blue bubbles in the Twitter fam #Twitterfam https://twitter.com/...
-
@nicoleperlroth
Nicole Perlroth
on x
The only reason I've ever been able to track government abuse of NSO spyware is because someone came directly to me or @citizenlab with a suspicious link. Zero-click remote exploitation makes defenders and journalists' jobs so much harder. https://twitter.com/...
-
@viss
@viss
on x
wow. they weaponized gifs. https://twitter.com/... https://twitter.com/...
-
@kaepora
Nadim Kobeissi
on x
Citizen Lab has seems to have quietly dropped its practice of making nation-state attribution based on inadequate evidence. This is really good news. I hope this will continue and, optimally, that such previous claims will be revisited/played down. https://citizenlab.ca/...
-
@ericgarland
Eric Garland
on x
Meanwhile, Netanyahu's criminal trials have started up again! Excellent timing. https://twitter.com/...
-
@k3ym0
@k3ym0
on x
@evacide and until @Apple starts to seriously improve the bug bounty program, there's little incentive (other than ethics/morals) to persuade people from selling their 0-days to NSO, or other entities with an adversarial intent.
-
@k3ym0
@k3ym0
on x
@evacide I think it's important that we all remember that NSO likely has an entire bank of 0-days, and this just means that they're going to have to rewrite the malware with a new one
-
@zackwhittaker
Zack Whittaker
on x
New: Citizen Lab says NSO's “ForcedEntry” zero-day exploit, which skirts iOS 14's ‘BlastDoor’ protections, works on *all Apple devices*. Apple has updates out for iPhones, iPads, Macs, and Watches. Citizen Lab urges device owners to update immediately. https://techcrunch.com/...
-
@jsrailton
John Scott-Railton
on x
🚨 UPDATE YOUR APPLE DEVICES NOW🚨 We caught a zero-click, zero day iMessage exploit used by NSO Group's #Pegasus spyware. Target? Saudi activist. We reported the #FORCEDENTRY exploit to @Apple, which just pushed an emergency update. THREAD 1/ https://citizenlab.ca/... https://twit…
-
@nicoleperlroth
Nicole Perlroth
on x
BIG NEWS: Do you own an Apple product? UPDATE IT NOW. New zero-click NSO Group #Pegasus spyware has been infecting iPhones, Macs, Watches. This is the Holy Grail of surveillance capabilities and you are vulnerable until you update. https://www.nytimes.com/...
-
@patrickwardle
Patrick Wardle
on x
Ah, more iOS vulnerabilities being exploited as 0days in the wild 😱😭 See iOS 14.8 security notes: https://support.apple.com/... https://twitter.com/...
-
@markgurman
Mark Gurman
on x
Apple says Messages exploit “not a threat to the overwhelming majority of our users” and that it is working on new protections. It also thanks Citizen Lab for obtaining a sample of the exploit and its help fixing the issue. https://twitter.com/... https://twitter.com/...
-
@slightlylate
Alex Russell
on x
It's absolutely medieval that Apple requires a ~300MiB download + a system reboot — ~15 minutes end-to-end — to apply a WebKit patch. https://9to5mac.com/... See also: https://infrequently.org/... https://twitter.com/...
-
@dangillmor
Dan Gillmor
on x
Apple could spend a rounding error of a rounding error of its cash and put the evil NSO out of business. But it just reacts. Meanwhile everyone remains at risk from these slimeballs. https://twitter.com/...
-
@nicoleperlroth
Nicole Perlroth
on x
Tell me one more time how zero-days aren't a big deal. https://twitter.com/...
-
@evan_greer
Evan Greer
on x
If you have an iPhone update it right now. And then get to one of these protests to keep Apple's own proposed proprietary spyware off your phone too! https://nospyphone.com/#map https://twitter.com/...
-
@psythor
James O'Malley
on x
Massive news. Tim Cook must be absolutely relieved the iPhone 13 announcement on Tuesday has presumably already been prerecorded. https://twitter.com/...
-
@hrbrmstr
@hrbrmstr
on x
🚨macOS Catalina folks: Apple dropped 11.6 that has a fixs for a _nasty_ *actively exploited* vulns in (CVE-2021-30860) PDF ops and (CVE-2021-30858) WebKit. You know the drill. https://support.apple.com/...
-
@jjz1600
James J. Zogby
on x
So now they tell us! The Israeli co. #Pegasus has no-click spyware that can steal your data, turn on your camera, read encrypted messages, & make them available to countries that buy their services. It's cyber rape & a crime. Congress must investigate. https://www.nytimes.com/...
-
@mehdirhasan
Mehdi Hasan
on x
When will Congress hold hearings on this? How is the NSO Group allowed to get away with this stuff? A foreign (yes, Israeli) company jeopardizing the basic liberties of Americans. Aren't Republicans supposed to be obsessed with liberties or is that only for masks and vaccines?? h…
-
@donie
Donie O'Sullivan
on x
Absolutely terrifying. Complete access to your iPhone without even clicking anything. https://twitter.com/...
-
@juddlegum
Judd Legum
on x
Tweeting this while updating my phone. https://twitter.com/...
-
@wajahatali
Wajahat Ali
on x
Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click. Nice, nice. https://www.nytimes.com/...
-
@fightfortheftr
@fightfortheftr
on x
Yes. Do this. But then go to https://nospyphone.com/ to tell @Apple not to install their own proprietary malware on your iPhone. #NoSpyPhone #AppleEvent https://twitter.com/...
-
@zackwhittaker
Zack Whittaker
on x
Citizen Lab's findings are out. If you own an Apple device, update today. “The exploit, which we call FORCEDENTRY, targets Apple's image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.” https://citizenlab.ca/...
-
@maddiestone
Maddie Stone
on x
Apple patches two in-the-wild 0-days: 1 in CoreGraphics (CVE-2021-30860) for iOS and 1 in WebKit (CVE-2021-30858) https://support.apple.com/...
-
@lukolejnik
Lukasz Olejnik
on x
iOS 14.8 come with two inportant security fixes. “maliciously crafted PDF may lead to arbitrary code execution”, “maliciously crafted web content may lead to arbitrary code execution”. Bugs actively exploited, so: update. https://support.apple.com/...