If you have any Apple products, you should update them as soon as possible. Apple has provided an emergency upgrade to protect users after a “zero-day” security flaw was discovered.
The hole is characterized as a “zero-day” defect since organizations only have one day to repair it once it is discovered. Citizen Lab discovered this issue, which they’ve dubbed “FORCEDENTRY,” while examining the phone of a Saudi activist. The exploit, according to the group, was created by Israeli technology firm NSO Group.
Citizen Lab said in a statement that the mercenary spyware outfit NSO Group utilized the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware.
“The spyware deployed via the FORCEDENTRY exploit exhibited a forensic artifact known as CASCADEFAIL, which is a bug that causes evidence to be erased in pieces from the phone’s DataUsage.sqlite file. An entry from the file’s ZPROCESS table is erased in CASCADEFAIL, but entries in the ZLIVEUSAGE table that relate to the deleted ZPROCESS entry are not deleted. We’ve only ever seen this form of incomplete deletion linked to NSO Group’s Pegasus malware, and we believe the problem is unique enough to be traced back to NSO.”
The exploit is also a zero-click, meaning it doesn’t require the user to click on anything for it to work, and it’s most likely propagated by a message sent to people’s smartphones. Citizen Lab believes it has been in place since February, but they reported it to Apple on September 7 when they discovered it.
“After discovering the iMessage vulnerability used by this exploit, Apple quickly created and released a remedy in iOS 14.8 to safeguard our consumers. Apple said in a statement seen by 9TO5MAC, “We’d like to applaud Citizen Lab for successfully completing the very tough process of obtaining a sample of this attack so we could create this repair swiftly.”
“Attacks like the ones described are extremely complex, cost millions of dollars to develop, have a short shelf life, and are used to target specific persons.” While this means they pose no harm to the vast majority of our users, we will continue to work relentlessly to secure all of our customers, and we will continue to introduce new protections for their devices and data.”
Despite the fact that you’re unlikely to be targeted by the exploit unless you’re a high-profile protestor in a country where that’s enough to have you monitored, it’s still a good idea to upgrade your devices to eliminate the possibility of your phone being hacked.