Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware

Today's iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times.

Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. Called FORCEDENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing access to the camera and microphone in addition to allowing access to text messages, phone calls, and emails.

FORCEDENTRY was distributed by Israel's NSO Group to governments and various other entities, and The Citizen Lab discovered it after analyzing the iPhone of a Saudi activist. Details were sent to Apple on September 7, and Apple took a week to fix the bug. According to The Citizen Lab, FORCEDENTRY has been in use since at least February 2021.

"This spyware can do everything an iPhone user can do on their device and more," said Citizen Lab senior researcher John Scott-Railton.

Apple lists the fix as CVE-2021-30860 and describes the issue as a maliciously crafted PDF that could lead to arbitrary code execution.

Back in July, a slew of media reports highlighted zero-click iMessage exploits called Pegasus, which were distributed by Israeli surveillance firm NSO Group and were used to target journalists, lawyers, and human rights activists around the world. A database of more than 50,000 people who had been targeted by NSO's clients was made public at the time.

The Pegasus spyware is notable because it skirts BlastDoor, the iMessage-specific protections that Apple put into place with the launch of iOS 14. BlastDoor is a sandbox security system for Messages that's designed to prevent exploits like Pegasus, but it's still a work in progress.

Apple told The New York Times that it plans to add spyware barriers to the iOS 15 software update to prevent similar attacks in the future.


Top Rated Comments

iStorm
2 weeks ago

Just turn this off!

Score: 41 Votes
Mantahoe
2 weeks ago

Just turn this off!

This is dumb. Regular SMS is worse security-wise.
Score: 32 Votes
Villarrealadrian
2 weeks ago
Well this is great news!
Score: 16 Votes
Benjamin Nabulsi
2 weeks ago
Why don't Apple, Google, and Microsoft sue such companies and run their resources into the ground?
Score: 16 Votes
adbe
2 weeks ago

Why did Apple not start on this back in July?
Because they didn't know about this particular exploit back in July. The article makes that pretty clear.
Score: 16 Votes
mw360
2 weeks ago

Why did Apple not start on this back in July?
There are a series of clues in all those words underneath the picture.
Score: 15 Votes
