FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild

September 13, 2021 — While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, Citizen Lab researchers discovered a zero-day zero-click exploit against iMessage. The exploit, which they call FORCEDENTRY, targets Apple’s image rendering library and was effective against Apple iOS, MacOS and WatchOS devices.

Bookmark this page to follow this report in the news:

Apple Spyware Breach (Sky News)

Aukus security pact sparks Chinese and French ire (PRI)

Apple says its security flaw was fixed. Cyber analysts warn zero-click threats will persist. (CBS News)

Apple’s security fix: Protect your iPhone from Pegasus now (Cnet)

Apple shaken by security scare ahead of iPhone 13 launch event (Toronto Star)

Toronto lab uncovers flaw in Apple devices that prompts worldwide update for users (CTV News)

Apple patches an NSO zero-day flaw affecting all devices (Tech Crunch)

Spyware is getting stealthier and deadlier (Rabble)

Apple Issues Emergency Security Updates to Close a Spyware Flaw (New York Times)

Apple rushes to block ‘zero-click’ iPhone spyware (BBC)

Update your Apple devices now. New Pegasus hack prompts company to issue new software to fix iMessage vulnerability. (Washington Post)

Apple Event: New iPhone 13, Apple Watch Series 7, iPads (Washington Post)

Biden’s new tech picks are steeped in civil rights. That spells trouble for Silicon Valley. (Washington Post)

Cyber insurance may not be making companies more secure (Washington Post)

Apple fixes security hole reportedly used to hack an iPhone (Associated Press)

AP story also appeared in:

Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers (Reuters)

Apple issues urgent iPhone software update to address critical spyware vulnerability (CNN)

Apple wants you to update your iPhone, Mac, and Apple Watch after it fixed a software flaw that let hackers spy without anyone clicking a link (Business Insider)

Do you own an iPhone or iPad?​ Update your Apple devices right now. (USA Today)

How to update your iPhone to iOS 14​.8 and detect Pegasus spyware after new hack (Newsweek)

Apple announces fix for flaw linked to Pegasus spyware (AFP via Hindustan Times) 

Apple issues urgent security update for all iPhone, iPad and Mac users (The Independent)

Apple (AAPL) Fixes Security Bug That Could Let Hackers Take Over Phones (Bloomberg)

Apple iOS 14.8 Release: Should You Upgrade? (Forbes)

It’s not just you: Emergency software patches are on the rise (NBC)

A ‘digital spy in your pocket’: Zero-click hack blocked by Apple, but what is it? – National | (Global)

Apple Patches Zero-Click iMessage Hack Used by NSO (Vice)