Apple patches zero-day flaw abused by infamous NSO exploit
The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction
Apple has issued a fix for a vulnerability in iOS, iPadOS, watchOS and macOS that paved the way for the spyware company NSO Group to develop and market a zero-click exploit to national government clients.
The ForcedEntry exploit, which targets the vulnerability tracked as CVE-2021-30860, centres on Apple’s image rendering library and effectively bypasses the in-built Apple security feature known as BlastDoor.
NSO Group had deployed the zero-click exploit to the Bahraini government, only for the client to target Bahraini activists between February and July 2021, according to Citizen Lab, which discovered the vulnerability.
Hackers had been able to exploit CVE-2021-30860 by sending a malicious iMessage that required no user interaction in order to compromise its victim.
This exploit is really similar in nature to another flaw the NSO Group had weaponised, known as Kismet, which was also used to target Bahraini activists.
Apple, however, has now issued patches for both this flaw and a WebKit vulnerability tracked as CVE-2021-30858 that’s also been exploited in the wild. This latter is a use after free issue that was addressed with improved memory management.
“Despite promising their customers the utmost secrecy and confidentiality, NSO Group’s business model contains the seeds of their ongoing unmasking,” a team of Citizen Lab researchers said.
RELATED RESOURCE
2021 IBM Security X-Force Insider Threat Report
Top discovery methods and recommendations for insider attacks
“Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations, as we and others have shown on multiple prior occasions, and as was the case again here.”
Kismet was actually never acknowledged as a vulnerability in Apple’s systems, with Citizen Lab suggesting the underlying flaw, if it still exists, was rendered obsolete by the BlastDoor mitigation introduced with iOS 14. This tool sandboxes incoming iMessages to protect users from malicious texts.
It’s likely for this reason that NSO Group developed the ForcedEntry exploit, to circumvent Apple’s additional layer of protection.
The organisation has gained notoriety for its spyware tools, having previously developed the Pegasus spyware that was eventually used to target journalists and activists through a WhatsApp vulnerability.
-
AI infrastructure firm Nscale bags record-breaking $2 billion Series C investmentNews The Nscale investment marks the largest-ever funding round for a European company
-
True scale of TfL cyber attack emergesNews New details on the scale of the TfL cyber attack raise serious questions about the rail operator’s response
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security
-
CVEs are set to top 50,000 this year, marking a record high – here’s how CISOs and security teams can prepare for a looming onslaughtNews While the CVE figures might be daunting, they won't all be relevant to your organization
-
Microsoft patches six zero-days targeting Windows, Word, and more – here’s what you need to knowNews Patch Tuesday update targets large number of vulnerabilities already being used by attackers
-
iOS and Android users beware: This new spyware kit allows hackers to take full control of your deviceNews The professional package allows even unsophisticated attackers to take full control of devices
-
Experts welcome EU-led alternative to MITRE's vulnerability tracking schemeNews The EU-led framework will reduce reliance on US-based MITRE vulnerability reporting database
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
Two Fortinet vulnerabilities are being exploited in the wild – patch nowNews Arctic Wolf and Rapid7 said security teams should act immediately to mitigate the Fortinet vulnerabilities
