Security researchers are urging Apple product users to upgrade their devices as soon as possible. Two critical vulnerabilities were confirmed and identified as CVE-2021-30860, aka “FORCEDENTRY,” by Citizen Lab and CVE-2021-30858, brought to light by an anonymous researcher. Both have the capability of infecting Apple products by allowing compromised documents to execute commands. However, CVE-2021-30860 presents itself as an advanced iteration of the controversial spyware, Pegasus. Researchers discovered its ability to infect vulnerable devices via a “zero-click attack”. The silent malware bypassed Apple’siOS BlastDoor security by exploiting previous vulnerabilities found in iMessage.
Over the last six years, NSO Group’s Pegasus has gained notoriety after reports have pointed to its deployment on activists, journalists, and dissidents as a method of surveillance by governments, mercenaries, and criminals. Citizen Lab security researchers have stated that “NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies. Regulation of this growing, highly profitable, and harmful marketplace is desperately needed.”
NSO Group has not commented on Citizen Lab’s latest findings and has stated that it will continue to provide intelligence to law enforcement agencies around the world.