Apple released an emergency fix in the form of the iOS 14.8 update and urges all users to update their OS as soon as possible. The 14.8 update, which was pushed out yesterday, is for both iPhones and iPads, and comes alongside new updates for macOS and watchOS. According to the tech giant, this emergency fix will help patch at least one vulnerability that “may have been actively exploited.”
Citizen Lab was the first to discover the new and previously unseen exploit, which targets iMessage, Apple’s own messaging platform. According to Citizen Lab, this exploit had allegedly been used to illegally spy on Bahraini activists with the Israeli spyware company NSO Group’s infamous Pegasus spyware.
Last month, Citizen Lab, a cybersecurity research organization that is part of the University of Toronto, reported that the iPhone of a Saudi activist was hacked with the NSO Group’s Pegasus spyware after a bunch of files with the ‘.gif’ extension were found to have been sent to the iPhone just before it was infected.
Citizen Lab also reports that it forwarded the information to Apple yesterday, and Apple has already rolled out an emergency fix for the zero-day exploit. According to Apple’s security updates page, this exploit works by abusing an “integer overflow vulnerability” in Apple’s image rendering library, CoreGraphics.
ForcedEntry and the Apple emergency fix
Citizen Lab first discovered the deployment of the ForcedEntry exploit in February 2021, right after Apple introduced ‘BlastDoor’, an improvement to iOS 14’s structure that is meant to block zero-click exploits just like this one.
According to Citizen Lab’s report, they have identified nine Bahraini activists whose iPhones were infected with the Pegasus spyware. These infections took place between June 2020 and February 2021. The activists included three members of Waad, a secular Bahraini political society; two exiled Bahraini dissenters; three members of the Bahrain Centre for Human Rights (BCHR); and one member of Wefaq, a Shiite Bahraini political society.
Citizen Lab also believes that at least one activist was residing in London at the time of the infection. The cybersecurity watchdog suggests that a Pegasus operator with associations to a different government might have been involved with the hacking of the activist(s) based in London.
“We attributed the hacking of Activists A-D (three members of Waad, and one member of BCHR) to a Bahrain government operator of Pegasus that we call LULU…LULU appeared to be spying exclusively in Bahrain and Qatar.” (via the Citizen Lab report about the Bahraini activists)
As for Apple, it responded to Citizen Lab almost immediately and put out an emergency fix to rectify this major issue.
Apple has always been known to take privacy very seriously. Only last month, Apple announced NeuralHash, a new technology for child sexual abuse material (CSAM) detection for iCloud photos (postponed due to ongoing debates related to user privacy).
In an article by Threatpost, the head of Apple Security Engineering and Architecture, Ivan Krstić, said that these kinds of sophisticated attacks are focused on very specific individuals, as the implementation costs of these attacks are exorbitant. He goes on to say that there is nothing to worry about “for most people” and that Apple is always aiming to protect the devices and data of each and every customer.
Yesterday, at Apple’s iPhone product launch event, the company said that a lot of new privacy features will be built into the new devices as well as implemented on all other devices via iOS 15 (due to come out this Monday). However, speakers at the event did not address the controversial CSAM detection technology or the threat of spyware such as Pegasus.
As of now, both Citizen Lab and Apple continue to urge all Apple users to install the emergency fix, iOS 14.8.