Apple Issues Emergency Fix for NSO Zero-Click Zero Day

Threat Post - 

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.

Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware.

The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS. The patches will fix at least one vulnerability that the tech behemoth said “may have been actively exploited.”

Citizen Lab first discovered the never-before-seen, zero-click exploit, which it detected targeting iMessaging, last month. It’s allegedly been used to illegally spy on Bahraini activists with NSO Group’s Pegasus spyware, according to the cybersecurity watchdog.

The digital researchers dubbed the new iMessaging exploit ForcedEntry.

Citizen Group said in August that they had identified nine Bahraini activists whose iPhones were inflicted with Pegasus spyware between June 2020 and February 2021. Some of the activists’ phones suffered zero-click iMessage attacks that, besides ForcedEntry, also included the 2020 KISMET exploit.

The activists included three members of Waad (a secular Bahraini

Read More: https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/