A previously undisclosed "Zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists.
"The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.
Citizen Lab called the new exploit chain "FORCEDENTRY." It is a zero-click exploit, meaning that an infection can be triggered simply by sending a malicious message to the target, without the target having to click a link or even view the message in question.
"As always, if NSO receives reliable information related to misuse of the system, the company will vigorously investigate the claims and act accordingly based on the findings," a spokesperson for NSO Group told The Guardian.
In the month after BlastDoor's existence came to light, Citizen Lab said it observed NSO Group deploying FORCEDENTRY - which Amnesty International dubbed "Megalodon" - against iOS versions 14.4 and 14.6 as a zero-day expressly engineered to get around the BlastDoor feature by crashing IMTranscoderAgent, a service responsible for transcoding and previewing images in iMessage, in order to download and render items from the Pegasus infection server.
"Despite a half-decade of being implicated in human rights abuses, NSO Group regularly claims that they are committed to protecting human rights," the researchers said.