These files each had random-looking ten-character filenames. Each copy of this file caused an IMTranscoderAgent crash on the device. Despite the extension, the file was actually a 748-byte Adobe PSD file. 27 copies of an identical file with the “.gif” extension.gif” extension in Library/SMS/Attachments that we determined were sent to the phone immediately before it was hacked with NSO Group’s Pegasus spyware. Recent re-analysis of the backup yielded several files with the “. We urge readers to immediately update all Apple devices.įigure 1: The GIF files we found on the phone. Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”.We believe that FORCEDENTRY has been in use since at least February 2021. We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware.The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices. While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage.Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, and Ron Deibert SeptemSummary
0 Comments
Leave a Reply. |