Apple has released an urgent iOS update this week to fix a critical vulnerability on over 1.6B Apple devices that independent researchers from the University of Toronto's Citizen Lab say was known to have been used by Pegasus surveillance software to spy on a Saudi activist.
Researchers from Citizen Lab said the FORCEDENTRY vulnerability (CVE-2021-30860) has been exploited since at least February to deploy Pegasus spyware, which has allegedly been used for surveillance of journalists and human rights advocates around the world. The researchers found the vulnerability while were studying how Pegasus was installed on the iPhone of a Saudi activist. The Saudi activist chose to remain anonymous, Citizen Lab said.
Apple released the urgent update on Monday, 13 September, to fix the FORCEDENTRY vulnerability in the iMessage app that allowed hackers to break into a user's phone without the user clicking on any links, according to Citizen Lab. Apple describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.” Apple has credited the Citizen Lab researchers for finding the vulnerability.
"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement. While "not a threat to the overwhelming majority of our users," Krstić said Apple rapidly addressed the issue with the software update.
Still, security experts encourage users to update their mobile devices to prevent being breached.
What is Pegasus Spyware?
Pegasus spyware was developed by the Israeli cyberarms firm NSO Group and can be covertly installed on most iOS and Android mobile phones. The spyware has allegedly been used in the surveillance of journalists and human rights advocates around the world.
The Pegasus Project and Amnesty International claims that Pegasus software can exploit all recent iOS versions up to iOS 14.6. Apple says that vulnerability can be exploited using a malicious PDF file. It is also possible that Pegasus may exploit other vulnerabilities besides FORCEDENTRY (CVE-2021-30860).
For those interested in the technical details on how Pegasus is installed and operates, download the “Forensic Methodology Report: How to catch NSO Group’s Pegasus” report from Amnesty International.
According to intelligence obtained by the Israeli newspaper Haaretz in August 2020, NSO Group sold the Pegasus spyware software for hundreds of millions of US dollars to the United Arab Emirates as well as other Gulf States, to be used for the surveillance of anti-regime activists, journalists, and political leaders from rival nations, with support by the Israeli government. Last December, the Al Jazeera investigative show The Tip of the Iceberg, Spy partners, extensively reported on Pegasus, its infiltration into the phones of journalists and activists, and its being used to eavesdrop on both opponents and allies by Israel.
While not addressing the allegations in a statement, NSO Group did say, "NSO Group will continue to provide intelligence and law enforcement agencies around the world with lifesaving technologies to fight terror and crime." The firm has previously said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.
What should iPhone users do?
Sangfor strongly urges anyone using an iOS device (iPhone, iPad, etc.) to update their software immediately. Apple is using a phased approach to notify users about the update so you may not see an update message quickly. Go into Settings > General > Software Update and click on look for updates. You will feel better that you did.