Even within the face of state pressure, Apple’s privacy stance may have endeared it to several activists and other people of interest, but that also means its devices became even bigger hacking targets. Several high-profile organizations and corporations have made it their business to bypass Apple’s strong protections and steal data from compromised iPhones and Macs, often owned by people in peril of state-sponsored espionage. That seems to be the case with a replacement exploit discovered this year that has been traced to the notorious NSO Group’s Pegasus spyware, and everyone that it takes to trigger the exploit may be a seemingly innocuous GIF sent through iMessage.
Zero-click exploits on iMessage aren’t exactly new and should are one among the NSO Group’s favorite points of attack to hack iPhones. Last year, Al Jazeera employees fell victim to such an attack that has been attributed to Saudi Arabia and UAE. The exploit didn’t require that targets click on a malicious link, only that they receive a specially-crafted message.
Similar incidents happened this year even after Apple patched the sooner vulnerability. Citizen Lab examined an iPhone infected by the NSO Group’s Pegasus spyware and discovered traces of suspicious files with a .gif extension. In truth, however, these files were maliciously crafted PDFs that exploited a bug in Apple’s CoreGraphics system to execute malicious code.
The security researcher christened the exploit as FORCEDENTRY, and everyone needed to trigger it had been for the target iPhone to receive such a GIF file. Analyzing the spyware installed by FORCEDENTRY showed similarities to the dreaded Pegasus Spyware. NSO Group’s customers include governments known for spying on their citizens, dissidents, activists, and political enemies.
The good news is that Apple is on top of things and has pushed iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 to shut that security hole. All users are encouraged to update to those latest versions, especially those involved in handling sensitive information. With iOS 15 just around the corner, the times of zero-click exploits associated with Apple’s CoreGraphics framework will hopefully come to an end also.
