{"id":2839,"date":"2022-03-07T12:50:00","date_gmt":"2022-03-07T12:50:00","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=2839"},"modified":"2022-02-10T19:34:52","modified_gmt":"2022-02-10T19:34:52","slug":"apple-zero-click-attack-can-forcedentry-affect-my-iphone","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/apple-zero-click-attack-can-forcedentry-affect-my-iphone\/","title":{"rendered":"Apple Zero Click Attack: Can FORCEDENTRY Affect My iPhone?"},"content":{"rendered":"\n

Zero click attacks are not new, but the concept spread like wildfire after Pegasus spyware hit the headlines. FORCEDENTRY is the latest way for Pegasus to infect iPhones \u2013 so here\u2019s everything you need to know about this Apple zero-click vulnerability<\/h2>\n\n\n\n

News about Pegasus spyware<\/a> has shaken the world. Apple users in countries around the globe have growing concerns about whether their personal information is being leaked and aren\u2019t sure what they can about it. Many of us know to be careful when opening attachments or links. But although being vigilant will help you avoid getting hacked, generally speaking, there\u2019s a type of attack that can invade your device even if you don\u2019t click anything. It\u2019s called an Apple zero click attack.<\/p>\n\n\n\n

In this article, we\u2019ll examine the zero-click iOS vulnerability that allows Pegasus spyware to invade iOS devices and provide the latest updates about the situation.<\/p>\n\n\n\n

The Bad News: An Apple Zero Click Attack Targeted iOS Devices<\/h2>\n\n\n\n

On Sept. 13, 2021, researchers at Citizen Lab published a report<\/a> about a zero click exploit<\/a> affecting Apple devices they named FORCEDENTRY. FORCEDENTRY\u2019s malicious code was spread through the iMessages app and exploited a vulnerability in iOS\u2019s image rendering library (CoreGraphics). This zero-click iOS exploit was used to deliver the infamous Pegasus spyware, which was created by the NSO group (a state-sponsored surveillance company in Israel).<\/p>\n\n\n\n

While inspecting the phone of a Saudi activist, Citizen Lab\u2019s scientists discovered that Pegasus spyware was delivered through a zero-click exploit and was being used for espionage. The researchers found 27 files with .gif extensions in Library\/SMS\/Attachments of the infected device, which were actually Adobe PSD and PDF files carrying the Pegasus payload.<\/p>\n\n\n\n

FORCEDENTRY doesn\u2019t require the victim to open the link they receive in iMessages for their device to become infected. But what makes things worse is another bug that kicks into effect called CASCADEFAIL. This vulnerability enables bad guys to delete critical entries from usage and process logs. In the case of FORCEDENTRY, this bug allowed the NSO group to delete the evidence from the phone\u2019s DataUsage.sqlite file. <\/p>\n\n\n\n

Yup, there\u2019s a lot of bad news to sort through here. However, there\u2019s also a silver lining: Pegasus isn\u2019t<\/strong> a type of <\/strong>self-replicating malware.<\/strong> In other words, it stays on the targeted victim\u2019s device and doesn\u2019t get transferred to other people\u2019s devices when the victim transfers any other data or messages to them from the infected devices.<\/p>\n\n\n\n

The Good News: Apple Issued a Fix for the FORCEDENTRY Exploit<\/h2>\n\n\n\n

According to The Citizen Lab\u2019s report, Apple has fixed this vulnerability and published a patch for iOS 14.8 and iPadOS 14.8 on Sept. 13, 2021. They named Apple\u2019s zero-click vulnerability CVE-2021-30860<\/a> and asked everyone to update their software.<\/p>\n\n\n\n

\"A
A screenshot of the FORCEDENTRY vulnerability that Apple issued a fix for on Sept. 13, 2021. <\/figcaption><\/figure>\n\n\n\n

So, if you haven\u2019t applied this update yet on your devices, you should do it now. This will fix the vulnerability that allows the FORCEDENTRY exploit to work in the first place.<\/p>\n\n\n\n

More About Pegasus Spyware on iOS Devices<\/h2>\n\n\n\n

FORCEDENTRY has been active since February 2021, although the patch that fixes the exploit was issued by Apple in September 2021. It is linked to the previously discovered KISMET exploit<\/a>, which was active between June 2020 and February 2021 and was used to spy on Bahraini activists. Apple fixed an underlying vulnerability in iMessage by introducing BlastDoor<\/a> in iOS 14. According to The Citizen Lab\u2019s report, NSO developed FORCEDENTRY to circumvent BlastDoor.<\/p>\n\n\n\n

This is not the first time NSO group has exploited vulnerabilities in iOS to deliver Pegasus spyware. In fact, this spyware variant has been on the radar of The Citizen Lab\u2019s security experts since 2016 when they published a report<\/a> sharing that the NSO group was exploiting iPhone zero-day vulnerabilities to spy on a human right activist in the UAE.<\/p>\n\n\n\n

Am I At Risk of a Zero Click Attack?<\/h2>\n\n\n\n

As far as Apple zero click Pegasus spyware is concerned, you probably don\u2019t need to worry about it unless you don\u2019t apply Apple\u2019s update to your device, or you are a likely target:<\/p>\n\n\n\n