[TheRecord] Apple releases patches for NSO Group’s ForcedEntry zero-day

Apple has released security updates today to patch ForcedEntry, a professional exploit developed by Israeli spyware maker NSO Group that has been abused to hack into the phones of multiple activists since February this year.

Patches are available today for macOS, iOS, iPadOS, and watchOS.

Tracked as CVE-2021-30860, the ForcedEntry zero-day exploits a bug in CoreGraphics, an Apple component for drawing 2D graphics.

When weaponized, ForcedEntry allows NSO customers to send maliciously crafted PDF files to a victim’s Apple device and run malicious code that takes over their systems.

Citizen Lab, a political, human rights, and cybersecurity research center at the University of Toronto, was credited with discovering this zero-day.

In reports published in August and earlier today, Citizen Lab researchers said they found ForcedEntry deployed on the iPhones of activists in Bahrain and Saudi Arabia.

| Target | Description | Date(s) of Hacking |
| --- | --- | --- |
| Moosa Abd-Ali * | Activist | (Sometime before September 2020) |
| Yusuf Al-Jamri | Blogger | (Sometime before September 2019) |
| Activist A | Member of Waad | September 16, 2020 |
| Activist B * | Member of Waad, Labor Law Researcher | June 3, 2020; July 12, 2020; July 19, 2020; July 24, 2020; August 6, 2020; September 15, 2020 |
| Activist C | Member of Waad | September 14, 2020 |
| Activist D * | Member of BCHR | September 14, 2020 |
| Activist E | Member of BCHR | February 10, 2021 |
| Activist F * | Member of BCHR | July 11, 2020; July 15, 2020; July 22, 2020; October 13, 2020 |
| Activist G * | Member of Al Wefaq | (Sometime before October 2019) |
| Activist H | Based in Saudi Arabia | March 2021 |

The researchers said they believe the exploit has been used in attacks since at least February this year.

In its August report, Citizen Lab said that NSO Group appears to have specifically developed ForcedEntry as a way to bypass a new security feature called BlastDoor that Apple added in iOS 14 in the fall of 2020.

Safari zero-day also patched

In addition, Apple’s security updates today include a patch for a second zero-day, tracked as CVE-2021-30858.

Reported by an anonymous researcher, this bug impacts Safari’s WebKit browser engine and was also abused in the wild, but details about its exploitation have not been revealed.

Patches for this zero-day were released for macOS, iOS, and iPadOS.

These two zero-days represent the 14th and 15th zero-days Apple has patched this year.

The post Apple releases patches for NSO Group’s ForcedEntry zero-day appeared first on The Record by Recorded Future.
