FORCEDENTRY: Apple Device Vulnerability

CVE-2021-30858 and CVE-2021-30860

Discovered: September 13th, 2021

Impacted Tech: Apple products running the following software: 

macOS Big Sur 

macOS Catalina 

watchOS

iOS

iPadOS

Safari

Attacker Location: External

Highlights: 

These vulnerabilities have been given CVSS scores of 8.8 out of 10 and 7.8 out of 10, both of which the National Institute of Standards and Technology (NIST) rates as HIGH severity.

According to Citizen Lab, which discovered this exploit, this zero-day, zero-click exploit targeting iMessage was found while analyzing a phone used by a Saudi activist that had been infected with NSO Group’s Pegasus spyware.

Citizen Lab reports that attackers were able to use this exploit, which it has named FORCEDENTRY, to take control of any device running a version of the software listed above prior to the patched releases, by means of a maliciously crafted PDF delivered through iMessage.

The exploit takes advantage of an integer overflow vulnerability in CoreGraphics, Apple’s image-rendering library. Apple has released several security updates that patch the FORCEDENTRY vulnerability; they are listed in the “References” section of this report.
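To make the bug class concrete, the following is an added illustration written for this report, not code from Apple, Citizen Lab or the FORCEDENTRY sample: a hypothetical image-header sizing routine in which a 32-bit multiplication of width, height and bytes-per-pixel wraps around, so a crafted header produces a far smaller buffer than the decoder will later write into. The hardened version beside it checks each multiplication against SIZE_MAX and applies a cap. The header structure, the cap value and the sample headers are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image header, constructed for this example. It does not
 * reproduce any real CoreGraphics or PDF structure. */
struct image_header {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
};

/* Constructed upper bound on a decoded image, chosen for this example. */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* VULNERABLE sizing: the product is computed in 32 bits, so a large header
 * wraps around (unsigned arithmetic wraps silently) and yields a tiny
 * allocation. A decoder that later trusts width/height will write past it. */
size_t unsafe_pixel_buffer_size(const struct image_header *h) {
    uint32_t size = h->width * h->height * h->bytes_per_pixel; /* may wrap */
    return (size_t)size;
}

/* HARDENED sizing: reject zero dimensions, check every multiplication for
 * overflow before performing it, and cap the result. Returns 1 and stores
 * the size on success, 0 when the header must be rejected. */
int safe_pixel_buffer_size(const struct image_header *h, size_t *out) {
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return 0;
    if (h->bytes_per_pixel > 16) /* no sane pixel format needs more */
        return 0;
    size_t w = h->width, ht = h->height, bpp = h->bytes_per_pixel;
    if (w > SIZE_MAX / bpp)          /* row = w * bpp would overflow */
        return 0;
    size_t row = w * bpp;
    if (row > SIZE_MAX / ht)         /* total = row * ht would overflow */
        return 0;
    size_t total = row * ht;
    if (total > MAX_IMAGE_BYTES)     /* too large even if it fits in size_t */
        return 0;
    *out = total;
    return 1;
}

/* Constructed header whose true size (65536 * 65537) is 2^32 + 65536;
 * the 32-bit product wraps to exactly 65536. */
static const struct image_header WRAPPING_HEADER = { 65536u, 65537u, 1u };

/* Constructed benign header: 640 x 480 x 4 = 1228800 bytes. */
static const struct image_header BENIGN_HEADER = { 640u, 480u, 4u };

/* Helpers that expose the results of both paths for the two sample headers. */
size_t wrapping_header_unsafe_size(void) {
    return unsafe_pixel_buffer_size(&WRAPPING_HEADER);
}
int wrapping_header_safe_accepts(void) {
    size_t n;
    return safe_pixel_buffer_size(&WRAPPING_HEADER, &n);
}
size_t benign_header_safe_size(void) {
    size_t n = 0;
    if (!safe_pixel_buffer_size(&BENIGN_HEADER, &n))
        return 0;
    return n;
}

int main(void) {
    printf("wrapping header, unsafe path allocates: %zu bytes\n",
           wrapping_header_unsafe_size());
    printf("wrapping header, safe path accepts: %d\n",
           wrapping_header_safe_accepts());
    printf("benign header, safe path size: %zu bytes\n",
           benign_header_safe_size());
    return 0;
}
```

The point a reviewer looks for is that the check happens before the multiplication, on the operands, rather than testing the already-wrapped product afterwards; a size that is compared only after it has wrapped still looks small and valid.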

It is believed that NSO Group, an Israeli cybersecurity company, discovered this vulnerability and used it to infect Apple devices with the Pegasus spyware. The spyware was sold to numerous governments, which used it to spy on the phones of political activists, journalists, and business people. The spyware has been discovered on 37 phones so far.

What should I do?

Anyone who uses an iPhone or iPad should update their device to iOS 14.8 or iPadOS 14.8, respectively.

Mac users should install Security Update 2021-005 for macOS Catalina, or update to macOS Big Sur 11.6.

Apple Watch owners should update to watchOS 7.6.2.

The vulnerability affecting the Safari browser has also been patched in the Safari 14.1.2 update.

All versions of this software prior to the releases listed above are vulnerable to the FORCEDENTRY exploit, so it is extremely important to install the latest updates as soon as possible.
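For anyone checking a fleet rather than a single device, the following added example (written for this report, not an Apple tool) encodes the minimum fixed versions stated above and compares a reported version string against them segment by segment, so that "14.8" and "14.8.0" compare equal and "15.0" counts as patched. Catalina is deliberately left out because its fix is a security update that does not change the 10.15.7 product version, so a version comparison cannot tell a patched Catalina from an unpatched one; the platform names and the sample version strings are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimum fixed versions taken from the advisory text above. Catalina is
 * omitted: Security Update 2021-005 leaves the product version unchanged. */
struct min_version { const char *platform; const char *version; };
static const struct min_version MINIMUM_FIXED[] = {
    { "iOS",           "14.8"   },
    { "iPadOS",        "14.8"   },
    { "macOS Big Sur", "11.6"   },
    { "watchOS",       "7.6.2"  },
    { "Safari",        "14.1.2" },
};

/* Read one dotted-version segment as a number and advance past the dot.
 * Non-numeric junk counts as 0 and is skipped so the loop always terminates. */
static long next_segment(const char **p) {
    char *end;
    long v = strtol(*p, &end, 10);
    if (end == *p) {                 /* no digits here: skip to next dot */
        while (**p && **p != '.') (*p)++;
        v = 0;
    } else {
        *p = end;
    }
    if (**p == '.') (*p)++;
    return v;
}

/* Compare dotted numeric versions. Missing trailing segments are treated
 * as 0, so "14.8" == "14.8.0". Returns -1, 0 or 1. */
int compare_versions(const char *a, const char *b) {
    while (*a || *b) {
        long x = next_segment(&a);
        long y = next_segment(&b);
        if (x != y) return x < y ? -1 : 1;
    }
    return 0;
}

/* Returns 1 if the reported version is at or above the fixed version,
 * 0 if it is still vulnerable, -1 if the platform is not in the table. */
int is_patched(const char *platform, const char *version) {
    size_t n = sizeof(MINIMUM_FIXED) / sizeof(MINIMUM_FIXED[0]);
    for (size_t i = 0; i < n; i++) {
        if (strcmp(MINIMUM_FIXED[i].platform, platform) == 0)
            return compare_versions(version, MINIMUM_FIXED[i].version) >= 0;
    }
    return -1;
}

int main(void) {
    /* Constructed sample inventory lines: platform and reported version. */
    const char *sample[][2] = {
        { "iOS", "14.7.1" }, { "iOS", "14.8" }, { "watchOS", "7.6.1" },
        { "macOS Big Sur", "11.5.2" }, { "Safari", "14.1.2" }, { "tvOS", "14.7" },
    };
    for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
        int r = is_patched(sample[i][0], sample[i][1]);
        printf("%-14s %-8s %s\n", sample[i][0], sample[i][1],
               r == 1 ? "patched" : r == 0 ? "VULNERABLE" : "unknown platform");
    }
    return 0;
}
```

On a Mac the reported version would come from `sw_vers -productVersion`; on iOS or watchOS it comes from the device inventory of whatever management tooling is in use.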

References:

FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild – The Citizen Lab

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware | Ars Technica

NVD – CVE-2021-30858 (nist.gov)

NVD – CVE-2021-30860 (nist.gov)
