Tech »  Topic »  Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware


Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around the world.

Tracked as CVE-2021-30860, the vulnerability needs little to no interaction by an iPhone user to be exploited—hence the name "FORCEDENTRY."

Discovered on a Saudi activist’s iPhone

In March, researchers at The Citizen Lab decided to analyze the iPhone of an unnamed Saudi activist who was targeted by NSO Group's Pegasus spyware. They obtained an iTunes backup of the device, and a review of the dump revealed 27 copies of a mysterious GIF file in various places—except the files were not images.

They were Adobe Photoshop PSD files saved with a ".gif" extension; the sharp-eyed researchers determined ...


Copyright of this story solely belongs to arstechnica.com . To see the full text click HERE