Apple’s privacy stance, even in the face of government pressure, may have endeared it to many activists and people of interest, but that also means its devices have become even bigger hacking targets. Several high-profile organizations and companies have made it their business to circumvent Apple’s strong protections and pilfer data from compromised iPhones and Macs, often owned by people in danger of state-sponsored espionage. That seems to be the case with a new exploit discovered this year that has been traced to the notorious NSO Group’s Pegasus spyware, and all that it takes to trigger the exploit is a seemingly innocuous GIF sent through iMessage.
Zero-click exploits on iMessage are not exactly new and may have been one of the NSO Group’s favorite points of attack to hack iPhones. Last year, Al Jazeera employees fell victim to such an attack that has been attributed to Saudi Arabia and the UAE. The exploit didn’t even require that targets click on a malicious link, only that they receive a specially crafted message.
Similar incidents happened this year even after Apple patched the earlier vulnerability. Citizen Lab examined an iPhone infected by the NSO Group’s Pegasus spyware and discovered traces of suspicious files with a .gif extension. In truth, however, these files were maliciously crafted PDFs that exploited a bug in Apple’s CoreGraphics system to execute malicious code.
Citizen Lab christened the exploit FORCEDENTRY, and all that was needed to trigger it was for the target iPhone to receive such a GIF file. Analyzing the spyware installed by FORCEDENTRY showed similarities to the dreaded Pegasus spyware. NSO Group’s customers include governments known for spying on their own citizens, dissidents, activists, and political enemies.
The good news is that Apple is on top of things and has pushed iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 to close that security hole. All users are encouraged to update to these latest versions, especially those involved in handling sensitive information. With iOS 15 just around the corner, the days of zero-click exploits related to Apple’s CoreGraphics framework will hopefully come to an end as well.