Own an Apple? You Need to Update Your Phone, Computer & Watch Immediately
If you're an Apple user, you need to update your phones, computers, and watches immediately.
Spyware detected by researchers at the University of Toronto's Citizen Lab allows hackers to infect Apple products without users even clicking on a link. "While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage."
The exploit, FORCEDENTRY, targets Apple’s image rendering library and is believed to have been in use since at least February 2021. "We determined the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware."
Devices Affected
All iPhones with iOS versions prior to 14.8
All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina
All Apple Watches prior to watchOS 7.6.2.
FORCEDENTRY is the latest in a string of zero-click exploits linked to NSO Group. In 2019, WhatsApp fixed a zero-click vulnerability that NSO Group used against more than 1400 phones in a two-week period. In 2020, NSO Group employed the KISMET zero-click iMessage exploit.
"Our finding highlights the paramount importance of securing popular messaging apps. Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation-state espionage operations and the mercenary spyware companies that service them. As presently engineered, many chat apps have become an irresistible soft target. Without intense engineering focus, we believe that they will continue to be heavily targeted, and successfully exploited."
Apple issued a security update on Monday, September 13. If you have any of the products above, you're advised to update your device immediately at Support.apple.com to avoid remote data hacks and possible eavesdropping.