This week, Apple released an urgent update that mitigates a critical vulnerability exploited by the Pegasus mobile software. The flaw, which is tracked as CVE-2021-30860, was first discovered by security researchers at the University of Toronto’s Citizen Lab while analyzing the iPhone of a Saudi activist who had been targeted and infected with NSO Group’s Pegasus spyware. The researchers uncovered a zero-day, zero-click exploit against iMessage, which security researchers refer to as FORCEDENTRY. The exploit targets Apple’s rendering library and is effective against macOS, watchOS, and Apple iOS devices.
Citizen Lab believes that the exploit has been used by actors deploying Pegasus spyware since at least February of this year. The organization made a high-confidence attribution to NSO Group for the exploit and sent its findings to Apple. Apple has now released a patch for the exploit and has urged customers to immediately update their devices. The vulnerability affects all iPhones with iOS versions 14.8 and prior, all Mac computers with operating system versions prior to OSX Big Sur 11.6, and all watches prior to watchOS 7.6.2.