Apple patches vulnerability exploited by NSO Group spyware

This week, Apple patched a 0-day vulnerability dubbed ForcedEntry, which was exploited by the controversial NSO Group’s spyware. The tech giant also released updates for macOS, iOS, iPadOS and watchOS.

The ForcedEntry issue was identified as CVE-2021-30860 and was an integer overflow bug in the CoreGraphics component that is used to draw 2D graphics. ForcedEntry allowed NSO Group clients to send malicious PDFs to victims’ devices and run arbitrary code on iOS and macOS, eventually leading to system hijacking and the installation of Pegasus spyware.

In reports published by Citizen Lab in August and this week, researchers said they found several activists in Bahrain and Saudi Arabia using ForcedEntry on iPhones.

Citizen Lab experts point out that, judging by the logs of infected iPhones, there are two separate 0-click exploits for iMessage: Kismet, which targets devices running iOS 13.5.1, and ForcedEntry, which targets the latest devices running iOS 14.

In addition to ForcedEntry, Apple has fixed another dangerous problem in its products: another 0-day use-after-free vulnerability, CVE-2021-30858. This bug was discovered by an anonymous researcher and is related to the operation of the Safari browser engine (WebKit).

Let me remind you that we reported that Facebook sues NSO Group spyware maker due to exploitation of WhatsApp vulnerability, as well as that Israeli authorities are investigating the activities of NSO Group.