Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group (August 2021)
A previously undisclosed zero-click exploit against Apple's iMessage was used by Israeli surveillance vendor NSO Group to circumvent iOS security protections and compromise the iPhones of nine Bahraini activists.
"The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.
Citizen Lab calls the new exploit chain "FORCEDENTRY."
BlastDoor is the sandbox Apple introduced in iOS 14 to isolate the parsing of untrusted iMessage content; its existence became public in January 2021. The very next month, Citizen Lab said, it observed NSO Group deploying FORCEDENTRY (which Amnesty International dubbed "Megalodon") against iOS versions 14.4 and 14.6 as a zero-day. The exploit was expressly engineered to get around BlastDoor: it crashed IMTranscoderAgent, the service responsible for transcoding and previewing images in iMessage, and then downloaded and rendered items from the Pegasus infection server.
"Despite a half-decade of being implicated in human rights abuses, NSO Group regularly claims that they are committed to protecting human rights," the researchers said.
"The sale of Pegasus to Bahrain is particularly egregious, considering that there is significant, longstanding, and documented evidence of Bahrain's serial misuse of surveillance products including Trovicor, FinFisher, Cellebrite, and, now, NSO Group," the Citizen Lab team added.