Quote:Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware.
The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS. The patches will fix at least one vulnerability that the tech behemoth said “may have been actively exploited.”
Citizen Lab first discovered the never-before-seen, zero-click exploit, which it detected targeting iMessaging, last month. It’s allegedly been used to illegally spy on Bahraini activists with NSO Group’s Pegasus spyware, according to the cybersecurity watchdog.
The digital researchers dubbed the new iMessaging exploit ForcedEntry.
Citizen Group said in August that they had identified nine Bahraini activists whose iPhones were inflicted with Pegasus spyware between June 2020 and February 2021. Some of the activists’ phones suffered zero-click iMessage attacks that, besides ForcedEntry, also included the 2020 KISMET exploit.
The activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society), Citizen Lab wrote.
The ForcedEntry exploit was particularly notable in that it was successfully deployed against the latest iOS versions – 14.4 & 14.6 – blowing past Apple’s new BlastDoor sandboxing feature to install spyware on the iPhones of the Bahraini activists.
Read more: Apple Issues Emergency Fix for NSO Zero-Click Zero Day | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
