Apple has released iOS 14.8 for iPhones and iPads and consequent new updates for macOS and WatchOS that will patch the NSO’s zero-day flaw that could let Pegasus malware into your Apple Device. The vulnerability was found by Citizen Lab was the first to identify the Forced Entry exploit that affects all Apple iPhones, iPads, Macs, and Watches.
Apple has urged all its users to update their devices with immediate effect that will fix the vulnerability that has been exploited in some devices. The Citizen Lab was the first to find out the zero-day vulnerability used to silently hack into the iPhone used by an activist in a middle eastern country known as Bahrain. This Forced Entry loophole was first reported in August this year after which Apple and Citizen Lab have been working together.
What Is The Zero-day Vulnerability In Apple Devices?
A zero day flaw is a vulnerability that is named as such because the software/hardware companies do not have a single day to roll out the fix and hence it is named Zero-Day. This flaw identified a loophole in Apple’s iMessage app which was exploited to release Pegasus, the dreaded spyware, into iPhones of famous people and journalists. Pegasus was recently brought to light by Amnesty International’s Security Lab which highlighted a list of people whose phones had been infiltrated by NSO, an Israeli cybersecurity company.
The main purpose of this infiltration is to provide complete information of the smartphone and in turn, its owner with regards to the contents, location, photos, messages to the NSO’s government customers. NSO’s only works for governments around the world for a pretty hefty sum and in turn provides all information on people whom the government suspects of conspiracy or creating unrest.
Citizen Lab further explains that this flaw has existed since iOS 14 and the updates iOS 14.4 and iOS 14.6 were susceptible too. Apple claimed to have installed new defenses in iOS 14 which were designed to prevent silent attacks like Pegasus. These defenses were dubbed BlastDoor which were easily exploited by Pegasus and the method came to be known as Force Entry by Citizen Labs.
Who Has Been Affected By This Vulnerability?
Citizen Lab identified activists from Bahrain to be first among the victims of this flaw. The latest findings have revealed a Forced entry exploit on the iPhone carried by an activist of Saudi Arabia. This Forced Entry exploit works on all iPhones across the globe except that have been updated today to iOS 14.8. It can take advantage of the iPhone through the image rendering process of Apple devices.
The findings were reported to Apple almost a week ago by Citizen Lab and this vulnerability was officially codenamed CVE-2021-30860. It also claims that the Forced Entry exploit is related to the NSO group which has been in the news due to the Pegasus scandal.
What Did Apple Say About This Flaw?
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” said Krstić, Apple’s head of security engineering.
The Final Word On Are All Apple Devices Vulnerable To Pegasus?
Apple has released the required update that will prevent backdoor entry to any malware especially Pegasus. In a brief statement, Apple’s head of security engineering and architecture Ivan Krstić confirmed the fix. It is recommended to update your Apple devices to prevent any infiltration. Pegasus has shocked the entire world on how it has breached the privacy of individuals and revealed information to their respective governments. This has led to widespread criticism but to prevent planned conspiracies, riots, and activities that disturb the peace, a bit of compromise on privacy is something that we can afford. Follow us on social media – Facebook, Instagram and YouTube.