Apple has released a new suite of software updates for iOS, macOS, and watchOS that address a critical vulnerability that engineers have been working extensively to fix. Last week, security researchers at Citizen Lab informed Apple about a new zero-click iMessage exploit that targeted Apple’s image rendering library. The exploit, called FORCEDENTRY, could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing access to the user’s camera and microphone in addition to allowing access to text messages, phone calls, and emails.
FORCEDENTRY was distributed by Israel’s NSO Group to governments and various other entities. Citizen Lab discovered the malware after analysing the iPhone of a Saudi activist. Details were sent to Apple on September 7, and Apple took a week to fix the bug. Researchers at Citizen Lab said that FORCEDENTRY has been in use since at least February 2021. “This spyware can do everything an iPhone user can do on their device and more,” Citizen Lab senior researcher John-Scott Railton was quoted as saying.
This comes after an incident in July, when a slew of media reports brought to light a zero-click iMessage exploit called Pegasus. Pegasus was also distributed by Israeli surveillance firm NSO Group and was used to target journalists, lawyers, and human rights activists around the world.
Pegasus is notable because it bypasses the BlastDoor iMessage protection that Apple put in place with the launch of iOS 14. Apple told the New York Times in a response that it plans to add spyware barriers to iOS 15 to prevent similar attacks in the future.