Apple Issues iOS 14.8 And MacOS 11.6 To Fix Serious ForcedEntry Zero-Click Security Flaw

On the eve of its big iPhone 13 unveil, Apple was forced to issue a new software update for its iPhone, iPad, and Mac product lines. As a result, iOS 14.8 and iPadOS 14.8 are now available for the iPhone and iPad, respectively, while Apple issued macOS 11.6 for Macs.

One of the driving factors behind the release of the software updates is a so-called "zero-click" security exploit developed by NSO Group. Citizen Lab has labeled the exploit FORCEDENTRY, and it uses iMessage as an attack vector. Victims were sent files with a .gif extension through iMessage that were actually "maliciously crafted" PDF files that could result in arbitrary code execution.

FORCEDENTRY is so dangerous because it is zero-click: the target isn't required to interact with the iMessage at all. Once the device receives the iMessage, the attacker already has the ability to exploit it, whether that device is an iPhone or an iPad.

Citizen Lab came to its conclusions by analyzing an iTunes backup of a Saudi activist who claimed to have been hacked by Pegasus spyware. What the researchers discovered in the backup was quite revealing, including the sheer sophistication of the security exploit:

  • 27 copies of an identical file with the ".gif" extension. Despite the extension, the file was actually a 748-byte Adobe PSD file. Each copy of this file caused an IMTranscoderAgent crash on the device. These files each had random-looking ten-character filenames.
  • Four different files with the ".gif" extension that were actually Adobe PDF files containing a JBIG2-encoded stream. Two of these files had 34-character names, and two had 97-character names.

It was later determined that the NSO Group exploited an integer overflow vulnerability in Apple's CoreGraphics image rendering library, which has now been assigned CVE-2021-30860.
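
As an added example (not from Citizen Lab or the original article), the extension mismatch described above can be checked for when triaging attachments extracted from a backup: this Python code flags `.gif` files whose leading bytes identify a PSD or PDF, and notes whether a PDF declares a JBIG2 stream. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes for the three formats the article mentions.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif", b"%PDF-": "pdf", b"8BPS": "psd"}

def sniff(data):
    """Return the format implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def triage_gif(path):
    """Return a finding for a .gif file whose content is not a GIF, else None."""
    if not path.lower().endswith(".gif"):
        return None
    with open(path, "rb") as fh:
        data = fh.read()
    kind = sniff(data)
    if kind == "gif":
        return None
    # JBIG2 streams are declared in a PDF stream dictionary by this filter name.
    jbig2 = kind == "pdf" and b"/JBIG2Decode" in data
    return {"name": os.path.basename(path), "actual": kind,
            "size": len(data), "jbig2": jbig2}

def scan(root):
    """Walk a directory tree of extracted attachments and collect findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            hit = triage_gif(os.path.join(dirpath, name))
            if hit:
                findings.append(hit)
    return findings

def demo():
    """Scan constructed sample files (harmless stand-ins, not real samples)."""
    samples = {
        "ok.gif": b"GIF89a" + b"\x00" * 16,
        "aaaaaaaaaa.gif": b"8BPS\x00\x01" + b"\x00" * 20,
        "doc.gif": b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2Decode >>\nstream\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)
```

Call `scan()` on the directory holding the extracted attachments. The `/JBIG2Decode` substring test is a heuristic and will miss filter names stored inside compressed object streams.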

"Our latest discovery of yet another Apple zero day employed as part of NSO Group's arsenal further illustrates that companies like NSO Group are facilitating 'despotism-as-a-service' for unaccountable government security agencies," Citizen Lab writes. "Regulation of this growing, highly profitable, and harmful marketplace is desperately needed."

For its part, Apple was notified of Citizen Group's finding on September 7th, and a patch was issued in less than a week. "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," said Ivan Krstić, head of Apple Security Engineering and Architecture.

We'd urge iPhone, iPad, and Mac users to update their devices immediately using the on-device Software Update mechanism. Apple Watch users are also affected, and they can update to watchOS 7.6.2 using the Software Update feature on a paired iPhone from within the Apple Watch app.

Brandon Hill