Article 5PH95 Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

by
Ax Sharma
from Ars Technica - All content on (#5PH95)
apple-keyway-800x450.jpg

Enlarge (credit: Aurich Lawson | Getty Images)

Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around the world.

Tracked as CVE-2021-30860, the vulnerability needs little to no interaction by an iPhone user to be exploited-hence the name "FORCEDENTRY."

Discovered on a Saudi activist's iPhone

In March, researchers at The Citizen Lab decided to analyze the iPhone of an unnamed Saudi activist who was targeted by NSO Group's Pegasus spyware. They obtained an iTunes backup of the device, and a review of the dump revealed 27 copies of a mysterious GIF file in various places-except the files were not images.

Read 11 remaining paragraphs | Comments

index?i=TM9dyv9OAZ8:4D8bnTg2X9o:V_sGLiPB index?i=TM9dyv9OAZ8:4D8bnTg2X9o:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments