By security practitioners, for security practitioners

FORCEDENTRY zero-click exploit used on Apple iOS, macOS, and watchOS devices

Apple’s updates to its operating systems this week contain a patch for a serious vulnerability that allowed a zero-click exploit dubbed “FORCEDENTRY” to infect devices with spyware. Owners of Apple devices should update to latest versions ASAP.

Vulnerability details

While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, researchers at Citizen Lab captured evidence of an exploit they’ve dubbed FORCEDENTRY. It targets Apple’s image rendering library and is effective against Apple iOS, macOS and watchOS devices.

Citizen Lab believes the vulnerability, tracked by Apple as CVE-2021-30860, was used to remotely exploit the latest versions of Apple OSes and infect them with spyware, as early as February 2021.

The exploit is significant because it was designed to break Apple’s “BlastDoor” defenses against malicious content, and because it is a zero-click exploit: no user action is required for execution, so no amount of vigilance or discretion on the part of a targeted user can prevent infection.

FORCEDENTRY delivers a maliciously encoded PDF file, renamed with a .gif file extension, through iMessage, and uses it to run its payload. It works by exploiting an integer overflow vulnerability in Apple’s image rendering library (CoreGraphics).
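One detection angle the delivery trick above suggests is checking whether an attachment's leading bytes agree with what its extension claims. The following is an added example, not code from the original post or from Citizen Lab or Apple; the sample attachments are constructed stand-ins, and the check only catches the naming mismatch, not the CoreGraphics overflow itself.

```python
# Added example: flag files whose magic bytes disagree with their extension,
# the pattern described above (PDF content delivered under a ".gif" name).
# Signatures are the standard file headers; sample data below is constructed.
from pathlib import PurePath
from typing import Dict, List, Optional

MAGIC: Dict[str, tuple] = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}

def normalize_ext(name: str) -> str:
    """Lower-case extension without the dot; 'jpeg' is folded into 'jpg'."""
    ext = PurePath(name).suffix.lower().lstrip(".")
    return "jpg" if ext == "jpeg" else ext

def sniff_type(data: bytes) -> Optional[str]:
    """Return the format implied by the leading bytes, or None if unrecognized."""
    for ext, sigs in MAGIC.items():
        if any(data.startswith(sig) for sig in sigs):
            return ext
    return None

def extension_mismatch(name: str, data: bytes) -> Optional[str]:
    """Return a finding when a known image/PDF extension hides different content."""
    ext = normalize_ext(name)
    actual = sniff_type(data)
    if ext in MAGIC and actual != ext:
        return f"{name}: extension says {ext}, content looks like {actual or 'unknown'}"
    return None

# Constructed sample attachments (truncated byte stand-ins, not real files).
SAMPLES: Dict[str, bytes] = {
    "photo.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00",
    "invoice.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "meme.gif": b"%PDF-1.4\n1 0 obj\n",  # PDF bytes behind a .gif name
}

def scan(samples: Dict[str, bytes]) -> List[str]:
    """Run the mismatch check over a name->bytes mapping and collect findings."""
    findings = []
    for name, data in samples.items():
        finding = extension_mismatch(name, data)
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for line in scan(SAMPLES):
        print(line)
```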

Versions/devices affected

  • iPhones with iOS versions prior to 14.8
  • macOS prior to Big Sur 11.6
  • macOS 10.15 Catalina prior to Security Update 2021-005
  • Apple Watches prior to watchOS 7.6.2

Mitigation

Update to the latest versions of Apple operating systems.

  • iOS 14.8
  • macOS Big Sur 11.6
  • macOS Catalina Security Update 2021-005
  • watchOS 7.6.2

Resources

Citizen Lab report
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

Apple security updates
https://support.apple.com/en-us/HT201222
