Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware - MacRumors
Skip to Content

Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware

by

Today's iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times.

nso israeli surveillance firm
Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. Called FORCEDENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing access to the camera and microphone in addition to allowing access to text messages, phone calls, and emails.

FORCEDENTRY was distributed by Israel's NSO Group to governments and various other entities, and The Citizen Lab discovered it after analyzing the iPhone of a Saudi activist. Details were sent to Apple on September 7, and Apple took a week to fix the bug. According to The Citizen Lab, FORCEDENTRY has been in use since at least February 2021.

"This spyware can do everything an iPhone user can do on their device and more," said Citizen Lab senior researcher John-Scott Railton.

Apple lists the fix as CVE-2021-30860, and described it as a maliciously crafted PDF that could lead to arbitrary code execution.

Back in July, a slew of media reports highlighted zero-click iMessage exploits called Pegasus, which were distributed by Israeli surveillance firm NSO Group and were used to target journalists, lawyers, and human rights activists around the world. A database of more than 50,000 people who had been targeted by NSO's clients was made public at the time.

The Pegasus spyware is notable because it skirts BlastDoor, specific iMessage protections that Apple put into place in with the launch of iOS 14. BlastDoor is a sandbox security system for Messages that's designed to prevent exploits like Pegasus, but it's still a work in progress.

Apple told The New York Times that it plans to add spyware barriers to the iOS 15 software update to prevent similar attacks in the future.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: Apple Security, Security

Popular Stories

iPhone 11 Pro Feature Green

Apple's A12 and A13 Chips Facing New Unpatchable Exploit

Thursday June 18, 2026 9:17 am PDT by
Security research firm Paradigm Shift today published details of a new BootROM vulnerability affecting Apple's A12 and A13 chips, along with a working proof-of-concept exploit named "usbliter8." The BootROM, or SecureROM, is the first code an iPhone runs when it powers on. Because it is baked directly into the chip at manufacture, any vulnerability found there cannot be fixed with a software ...
Read Full Article82 comments
apple price hike

Apple Just Increased Prices on MacBooks, iPads, and More

Thursday June 25, 2026 5:44 am PDT by
Apple today dramatically increased device prices across multiple product lines. Subscribe to the MacRumors YouTube channel for more videos. After temporarily taking it down earlier today, Apple's online store is back up with a series of product price increases. The changes are as follows: HomePod mini: $129, up from $99 (+$30) HomePod: $349, up from $299 (+$50) Apple TV: $199, up from...
Read Full Article1011 comments
iphone 17 ceramic shield

2027 iPhone 18 and iPhone 18e to Get 9GB RAM and A20 Chip

Friday June 26, 2026 9:57 am PDT by
The lower-end iPhone 18 models set to launch in spring 2027 will feature 9GB DRAM, up from 8GB, according to Apple analyst Ming-Chi Kuo. Kuo says the A20 chip Apple plans to use for the devices will have 1.5GB x 6 dies for a total of 9GB RAM, instead of 2GB x 4 dies as the current lower-end iPhone 17 models use. By lower-end iPhones, Kuo is likely referencing the iPhone 18 and the iPhone...
Read Full Article141 comments

Top Rated Comments

I
iStorm
63 months ago

Just turn this off!


And for even more security...



Attachment Image
Score: 41 Votes (Like | Disagree)
Mantahoe Avatar
Mantahoe
63 months ago

Just turn this off!


This is dumb. Regular sms is worse security-wise.
Score: 32 Votes (Like | Disagree)
A
adbe
63 months ago

Why did apple not start on this back in July?
Because they didn't know about this particular exploit back in July. The article makes that pretty clear.
Score: 16 Votes (Like | Disagree)
Benjamin Nabulsi Avatar
Benjamin Nabulsi
63 months ago
Why Apple, Google, and Microsoft don't sue such companies and run their resources to the ground?
Score: 16 Votes (Like | Disagree)
V
Villarrealadrian
63 months ago
Well this is great News!
Score: 16 Votes (Like | Disagree)
mw360 Avatar
mw360
63 months ago

Why did apple not start on this back in July?
There are a series of clues in all those words underneath the picture.
Score: 15 Votes (Like | Disagree)
Read All Comments