Apple patches zero-day “FORCEDENTRY” exploited by Pegasus spyware


Aurich Lawson | Getty Images

Apple released several security updates this week to fix a “FORCEDENTRY” vulnerability on iOS devices. The “zero-click and zero-day” vulnerability has been actively exploited by Pegasus, a spyware application developed by the Israeli company NSO Group, which is known to target activists, journalists and prominent people around the world.

Tracked as CVE-2021-30860, the vulnerability requires little or no interaction from the targeted iPhone user, hence the name “FORCEDENTRY”.

Discovered on the iPhone by a Saudi activist

In March, researchers at The Citizen Lab decided to analyze the iPhone of an unnamed Saudi activist who had been targeted by NSO Group’s Pegasus spyware. They obtained an iTunes backup of the device, and a review of the dump revealed 27 copies of a mysterious GIF file in various places, except that the files were not images.

They were Adobe Photoshop PSD files saved with a “.gif” extension; sharp-eyed investigators determined that the files had been “sent to the phone immediately before it was hacked” with Pegasus spyware.

“Despite the extension, the file was actually a 748-byte Adobe PSD file. Each copy of this file caused an IMTranscoderAgent crash on the device,” the researchers explained in their report.

Because these crashes resembled behavior the same researchers had previously seen on the hacked iPhones of nine Bahraini activists, they suspected that the GIFs were part of the same exploit chain. Some other fake GIFs were also present on the device; these turned out to be malicious Adobe PDF files with longer filenames.
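As an added illustration (not code from the Citizen Lab report or from Apple), the following Python checker applies the same forensic test the researchers described: it walks an extracted backup and flags files named “.gif” whose leading bytes identify a PSD or PDF body. The sample files and directory layout it builds are constructed for the demo and are not real backup paths.

```python
import tempfile
from pathlib import Path

# Magic bytes for the formats named in the report. PSD files begin with
# "8BPS", PDFs with "%PDF"; real GIFs begin with one of the two GIF headers.
GIF_MAGICS = (b"GIF87a", b"GIF89a")
MASQUERADE_MAGICS = {
    b"8BPS": "Adobe Photoshop PSD",
    b"%PDF": "Adobe PDF",
}


def classify(head: bytes) -> str:
    """Return the real format of a file body judged from its leading bytes."""
    if head.startswith(GIF_MAGICS):
        return "GIF"
    for magic, name in MASQUERADE_MAGICS.items():
        if head.startswith(magic):
            return name
    return "unknown"


def scan_backup(root: str) -> list:
    """Report every .gif under root whose content is not actually a GIF.

    Returns (path, detected_format, size_in_bytes) tuples.
    """
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".gif":
            with open(path, "rb") as f:
                head = f.read(8)
            kind = classify(head)
            if kind != "GIF":
                findings.append((str(path), kind, path.stat().st_size))
    return findings


def build_demo_backup() -> str:
    """Create a constructed sample backup tree (hypothetical layout, not a real one)."""
    root = tempfile.mkdtemp(prefix="backup_demo_")
    attachments = Path(root) / "attachments"
    attachments.mkdir()
    samples = {
        "real.gif": b"GIF89a" + bytes(42),                # genuine GIF header
        "fake_psd.gif": b"8BPS" + bytes(744),             # 748-byte PSD body, .gif name
        "fake_pdf_with_long_name.gif": b"%PDF-1.7\n" + bytes(100),
    }
    for name, body in samples.items():
        (attachments / name).write_bytes(body)
    return root


if __name__ == "__main__":
    for finding in scan_backup(build_demo_backup()):
        print(finding)
```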

The Citizen Lab disclosed the vulnerability and exploit code to Apple, which assigned FORCEDENTRY the identifier CVE-2021-30860 and described the vulnerability as “processing a maliciously crafted PDF can lead to arbitrary code execution,” the report’s authors explained.

The researchers say the vulnerability has been remotely exploited by NSO Group since at least February 2021 to infect the latest Apple devices with Pegasus spyware.

Apple issues several security advisories

Yesterday, Apple released several security updates to fix CVE-2021-30860 on macOS, watchOS and iOS devices. Apple says the vulnerability can be exploited by “processing a maliciously crafted PDF,” giving an attacker code execution capabilities.

“Apple is aware of a report that this issue may have been actively exploited,” Apple wrote in one of the advisories, without publishing further details on how the flaw could be exploited.

iPhone and iPad users should install the latest versions of the operating system, iOS 14.8 and iPadOS 14.8, to fix the flaw. Mac users should upgrade to Catalina 2021-005 or macOS Big Sur 11.6. Apple Watch users should update to watchOS 7.6.2. All versions prior to the fixed versions are at risk.

An anonymous researcher reported another arbitrary code execution vulnerability in the Safari browser. Tracked as CVE-2021-30858, this use-after-free vulnerability has also been fixed, by the update released as Safari 14.1.2.

“We all carry very sophisticated personal devices that have profound implications for personal privacy. There are many examples of [these risks], such as application data collection, which Apple recently changed to curb with its App Tracking Transparency framework,” Jesse Rothstein, CTO and co-founder of network security firm ExtraHop, told Ars. “Any sophisticated system has security vulnerabilities that can be exploited, and mobile phones are no exception.”

“Pegasus shows how unknown vulnerabilities can be exploited to access highly sensitive personal information,” Rothstein said. “The NSO Group is an example of how governments can basically outsource or acquire armed cyber capabilities. In my opinion, this is no different from arms trafficking, but it is not regulated in this way. Companies will always have to correct their vulnerabilities, but regulations will help prevent some of these cyber weapons from being misused or falling into the wrong hands.”
