IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Apple patches zero-day flaw abused by infamous NSO exploit

The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction

Apple has issued a fix for a vulnerability in iOS, iPadOS, watchOS and macOS that paved the way for the spyware company NSO Group to develop and market a zero-click exploit to national government clients.

The ForcedEntry exploit, which targets the vulnerability tracked as CVE-2021-30860, centres on Apple’s image rendering library and effectively bypasses the in-built Apple security feature known as BlastDoor

NSO Group had deployed the zero-click exploit to the Bahraini government, only for the client to target Bahraini activists between February and July 2021, according to Citizen Lab, which discovered the vulnerability.

Hackers had been able to exploit CVE-2021-30860 by sending a malicious iMessage that required no user interaction in order to compromise its victim.

This exploit is really similar in nature to another flaw the NSO Group had weaponised, known as Kismet, which was also used to target Bahraini activists.

Apple, however, has now issued patches for both this flaw and a WebKit vulnerability tracked as CVE-2021-30858 that’s also been exploited in the wild. This latter is a use after free issue that was addressed with improved memory management.

“Despite promising their customers the utmost secrecy and confidentiality, NSO Group’s business model contains the seeds of their ongoing unmasking,” a team of Citizen Lab researchers said.

Related Resource

2021 IBM Security X-Force Insider Threat Report

Top discovery methods and recommendations for insider attacks

White background with a black border on side - whitepaper from IBMFree download

“Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations, as we and others have shown on multiple prior occasions, and as was the case again here.”

Kismet was actually never acknowledged as a vulnerability in Apple’s systems, with Citizen Lab suggesting the underlying flaw, if it still exists, was rendered obsolete by the BlastDoor mitigation introduced with iOS 14. This tool sandboxes incoming iMessages to protect users from malicious texts.

It’s likely for this reason that NSO Group developed the ForcedEntry exploit, to circumvent Apple’s additional layer of protection.

The organisation has gained notoriety for its spyware tools, having previously developed the Pegasus spyware that was eventually used to target journalists and activists through a WhatsApp vulnerability.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Windows users now able to run Linux apps and distros natively
Microsoft Windows

Windows users now able to run Linux apps and distros natively

24 Nov 2022