Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

 In apple, Biz & IT, imessage, iOS, iphone, nso group, Pegasus, Security, spyware, Tech, vulnerability, zero day

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Enlarge (credit: Aurich Lawson | Getty Images)

Apple has released several security updates this week to patch a “FORCEDENTRY” vulnerability on iOS devices. The “zero-click, zero-day” vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around the world.

Tracked as CVE-2021-30860, the vulnerability needs little to no interaction by an iPhone user to be exploited—hence the name “FORCEDENTRY.”

Discovered on a Saudi activist’s iPhone

In March, researchers at The Citizen Lab decided to analyze the iPhone of an unnamed Saudi activist who was targeted by NSO Group’s Pegasus spyware. They obtained an iTunes backup of the device, and a review of the dump revealed 27 copies of a mysterious GIF file in various places—except the files were not images.

Read 11 remaining paragraphs | Comments

Zero-click flaw has been exploited by NSO since at least February 2021.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt