14 September 2021

Apple fixes zero-day used to deploy Pegasus spyware


Apple fixes zero-day used to deploy Pegasus spyware

Apple has released security updates for macOS, iOS, iPadOS, and watchOS to address two zero-day vulnerabilities, one of which was exploited in order to deploy the FORCEDENTRY exploit developed by Israeli spyware maker NSO Group on phones of multiple activists earlier this year.

Tracked as CVE-2021-30860, the vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Last month, security researchers at Citizen Lab detailed a previously undisclosed zero-click iMessage exploit used to deploy NSO Group’s Pegasus spyware on devices belonging to several Bahraini activists.

The attacks, believed to have been orchestrated by LULU, a threat actor linked by researchers to the government of Bahrain, targeted nine Bahraini activists between June 2020 and February 2021.

The FORCEDENTRY exploit works on iOS 14 devices and is able to circumvent Apple’s BlastDoor security system, which is basically a sandbox mode that protects the Messages app from the rest of iOS.

Additionally, Apple fixed a second zero-day vulnerability, tracked as CVE-2021-30858, which impacts Safari’s WebKit browser engine. The flaw stems from a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

The Cupertino-based company did not reveal further information about the vulnerability, or when and by whom it was abused.

Back to the list

Latest Posts

Hackers steal over $120 million in crypto from DeFi project BadgerDAO

Hackers steal over $120 million in crypto from DeFi project BadgerDAO

The attackers stole more than 2,100 Bitcoin and 151 Ether from Badger user accounts.
3 December 2021
Hackers actively exploiting critical Zoho ManageEngine ServiceDesk Plus flaw to drop web shells

Hackers actively exploiting critical Zoho ManageEngine ServiceDesk Plus flaw to drop web shells

According to the FBI and CISA, threat actors have been exploiting the bug since late October 2021.
3 December 2021
Former Ubiquiti dev tried to extort his employer posing as a hacker

Former Ubiquiti dev tried to extort his employer posing as a hacker

Nickolas Sharp allegedly stole gigabytes of confidential data from the company and used it to demand nearly $2 million in ransom.
3 December 2021