Apple's iMessage targeted by Pegasus spyware from Israeli firm NSO, says cybersecurity watchdog

WION Web Team
San FranciscoUpdated: Sep 14, 2021, 01:11 PM IST

If Apple detects that a user’s device has been compromised by state-sponsored cyber attacks, the company will notify the user through iMessage and email Photograph:(Reuters)

Story highlights

Apple said it was fixing the problem raised by Canada's cybersecurity watchdog, Citizen Lab, as NSO said it will continue providing intelligence and law enforcement agencies with "life-saving technologies"

A report published by security experts at Citizen Lab, a Canada-based cybersecurity watchdog, said it has detected "zero-day zero-click exploit against iMessage" which it calls "forcendentry" or "forced entry". 

The mechanism targets "Apple’s image rendering library" and "was effective against Apple iOS, MacOS and WatchOS devices", the watchdog said.

"Zero-click exploit" means spyware can be deployed without the person even clicking on a link or a file.

"We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware," it said. NSO is an Israeli software company.

The lab said "forcendentry" has been in use since February. It added that after discovering the vulnerability, the code was sent to Apple and the company has "assigned forcendentry vulnerability CVE-2021-30860". 


Apple has described it as “processing a maliciously crafted PDF may lead to arbitrary code execution”, the lab said in its report.

The lab discovered the issue while analysing a Saudi activist's phone which was reportedly infected with NSO Group’s Pegasus spyware.

The researchers said unknown vulnerability affected all major Apple devices including Apple watches, Macs and iPhones. The NSO group in a statement said it will "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."

Meanwhile, Apple in a statement said it was correcting the error "rapidly". 

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.

(With inputs from Agencies)