On Tuesday, Apple released an emergency patch designed to combat zero-day flaws that affected the iMessage app built into iOS, iPadOS, watchOS and macOS, in an attempt to protect them from a strain of spyware targeting many people.
The vulnerability allowed hackers to spy on devices without users’ knowledge while being exploited by the NSO group’s Pegasus spyware to compromise the phones of journalists, activists, and other known individuals.
The patch covers various Apple products, including iOS 14.8/iPadOS 14.8 for iPhones and iPads, watchOS 7.6.2 for the Apple Watch Series 3 and above, and macOS Big Sur 11.6 for Mac computers.
Prior to Apple’s redevelopment, the Citizen Lab published a report stating that Pegasus Spyware used a zero-day zero-click exploit known as FORCEDENTRY (an exploit targeted at Apple’s image rendering library considered effective against iOS, macOS, and watchOS devices) against iMessage.
While NSO Group claims to have exploited the vulnerability to infect Apple devices with Pegasus software, Citizen Lab has revealed that it believes FORCEDENTRY has since been used as far back as February 2021.
For more information, read the original story in TechRepublic.
