Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware

Today's iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times.

Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. Called FORCEDENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing access to the camera and microphone in addition to allowing access to text messages, phone calls, and emails.

FORCEDENTRY was distributed by Israel's NSO Group to governments and various other entities, and The Citizen Lab discovered it after analyzing the iPhone of a Saudi activist. Details were sent to Apple on September 7, and Apple took a week to fix the bug. According to The Citizen Lab, FORCEDENTRY has been in use since at least February 2021.

"This spyware can do everything an iPhone user can do on their device and more," said Citizen Lab senior researcher John-Scott Railton.

Apple lists the fix as CVE-2021-30860 and describes the issue as a maliciously crafted PDF that could lead to arbitrary code execution.

Back in July, a slew of media reports highlighted zero-click iMessage exploits called Pegasus, which were distributed by Israeli surveillance firm NSO Group and were used to target journalists, lawyers, and human rights activists around the world. A database of more than 50,000 people who had been targeted by NSO's clients was made public at the time.

The Pegasus spyware is notable because it skirts BlastDoor, the iMessage-specific protections that Apple put in place with the launch of iOS 14. BlastDoor is a sandbox security system for Messages that's designed to prevent exploits like Pegasus, but it's still a work in progress.

Apple told The New York Times that it plans to add spyware barriers to the iOS 15 software update to prevent similar attacks in the future.


Top Rated Comments

iStorm
5 weeks ago

Just turn this off!


And for even more security...



Score: 41 Votes
Mantahoe
5 weeks ago

Just turn this off!


This is dumb. Regular SMS is worse security-wise.
Score: 32 Votes
Villarrealadrian
5 weeks ago
Well this is great news!
Score: 16 Votes
Benjamin Nabulsi
5 weeks ago
Why don't Apple, Google, and Microsoft sue such companies and run their resources to the ground?
Score: 16 Votes
adbe
5 weeks ago

Why did Apple not start on this back in July?
Because they didn't know about this particular exploit back in July. The article makes that pretty clear.
Score: 16 Votes
mw360
5 weeks ago

Why did Apple not start on this back in July?
There are a series of clues in all those words underneath the picture.
Score: 15 Votes
