The spyware of the NSO group, Pegasus, has been the subject of news since 2016. From affecting Jeff Bezos’s iPhone to being used in our country with Catalan politicians. Now from the security firm Citizen Lab they have reported a new critical vulnerability affecting iMessage called ‘Forcedentry’.
Fortunately, from Apple they have acted quickly and the security update is now available urgently which fixes this vulnerability. From here we recommend that all users update their devices to be protected.
What do we know about this vulnerability
The vulnerability targets Apple’s image rendering library and affects iOS, MacOS and WatchOS devices.
Through this vulnerability, spyware from the NSO group can be located on the device without being detected and potentially see all messages and listen to all calls.
Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge everyone to immediately update all Apple devices.
— Citizen Lab (@citizenlab) September 13, 2021
This spyware falls into the category of ‘zero-click remote execution’, which means that attackers can install it on the device without the need for any additional interaction.
As described by Citizen Lab, they believe that this vulnerability may have been in use since February 2021.
Under the code CVE-2021-30860, the vulnerability has been described as “Processing a maliciously crafted PDF can lead to arbitrary code execution.”
How to update our devices
After hearing the report from the cybersecurity firm, Apple has immediately corrected this vulnerability and has sent an update. From the Apple support page it is possible to see the latest security updates. The previous one dates from August 16, 2021 and is focused on iCloud for Windows. This time, all major Apple operating systems have been updated, dated September 13.
- iPhone or iPad: Go to Settings> General and click on software updates to download the latest versions of iOS 14.8 or iPadOS 14.8.
- Apple Watch: The latest security update is WatchOS 7.6.2.
- Mac: In the icon in the upper left corner go to the ‘About this Mac’ option and select the latest MacOS 11.6 software update.
In Engadget | What’s the difference: malware, viruses, worms, spyware, trojans, ransomware, etc.