Apple has issued a security update following the discovery of a zero-day, zero-click “spyware” that could infect iPhones and iPads.
Discovered By Researchers
The threat was discovered by independent researchers from the University of Toronto’s Citizen Lab while they were analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware.
What Is It?
The Citizen Lab has described the threat as a zero-day (unknown, or known but with no patch yet), zero-click “spyware”. This is spying malware that doesn’t need users to click on a link or file to launch it. The Citizen Lab, which has identified the threat as being “in the wild” (already in circulation), says that a “maliciously crafted” PDF file could lead to arbitrary code execution. The threat uses malicious Adobe PDF files disguised to look like GIF (files with the “.gif” extension). The exploit has been dubbed “FORCEDENTRY” and, is believed to target Apple’s image rendering library, and works by exploiting an integer overflow vulnerability in Apple’s image rendering library (CoreGraphics).
iOS, MacOS, and WatchOS Devices At Risk
The researchers found the threat to be effective against Apple iOS, MacOS, and WatchOS devices, and that it has been used by a mercenary spyware company called “NSO Group” to remotely exploit and infect the latest Apple devices with the Pegasus spyware.
Patch Issued In Response
After The Citizen Lab passed the details of its findings to Apple, the tech giant released a patch/security update. Apple issued iOS 14.8 and iPadOS 14.8 patches for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Apple says that it is “aware of a report that this issue may have been actively exploited”.
The news of the discovery of the exploit, which may have been in use since at least February this year, came at a bad time for Apple as the company prepared to unveil its new devices, including its new iPhones and updates to its AirPods and Apple Watch, at its annual launch event (Tuesday).
What Does This Mean For Your Business?
The Citizen Lab researchers have blamed the Israel-based NSO Group for selling technology that is being used as “despotism-as-a-service” by unaccountable government security agencies. Even though this is a real threat to iPhones, iPads, and Apple watches, security commentators say that the vast majority of iPhone owners don’t need to be too concerned because this type of attack is usually highly targeted. Nevertheless, the discovery has come at an unfortunate moment for Apple which has been busy trying to promote the benefits of its new products while competitors like Microsoft have announced the launch of a new, secure, passwordless login system.