New iOS zero-click exploit used in attacks against Bahraini activists

Security researchers at Citizen Lab uncovered a previously undisclosed zero-click iMessage exploit used to deploy NSO Group’s Pegasus spyware on devices belonging to several Bahraini activists.

The attacks, believed to have been orchestrated by LULU, a threat actor linked by researchers to the government of Bahrain, targeted nine Bahraini activists between June 2020 and February 2021.

The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society), Citizen Lab said in its new report.

The attackers used two zero-click iMessage exploits to plant the spyware on victims’ iPhones: the 2020 KISMET exploit, previously observed in attacks targeting journalists at Al Jazeera, and a new exploit chain dubbed ‘FORCEDENTRY’ that is able to circumvent Apple’s BlastDoor security system, which is essentially a sandbox that isolates the Messages app from the rest of iOS.

While KISMET is aimed at iOS 13.5.1 devices, FORCEDENTRY targets the newest iOS 14 devices.

“We saw the FORCEDENTRY exploit successfully deployed against iOS versions 14.4 and 14.6 as a zero-day,” Citizen Lab said.

The researchers said they shared crash logs and some additional phone logs relating to KISMET and FORCEDENTRY with Apple and that the company has launched its own investigation into the matter.

An NSO Group spokesperson told the Guardian that the company had not received any data from Citizen Lab and could therefore not respond to “rumours” of the group’s findings.

“As always, if NSO receives reliable information related to misuse of the system, the company will vigorously investigate the claims and act accordingly based on the findings,” the spokesperson said.

