www.bleepingcomputer.com
104.20.60.209  Public Scan

URL: https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/
Submission: On August 27 via api from US

Form analysis 6 forms found in the DOM

https://www.bleepingcomputer.com/search/

<form title="Search site" action="https://www.bleepingcomputer.com/search/">
  <input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
  <input type="hidden" name="cof" value="FORID:10">
  <input type="hidden" name="ie" value="UTF-8">
  <input type="search" name="q" aria-label="Search Site" placeholder="Search Site">
</form>

https://www.bleepingcomputer.com/search/

<form action="https://www.bleepingcomputer.com/search/">
  <input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
  <input type="hidden" name="cof" value="FORID:10">
  <input type="hidden" name="ie" value="UTF-8">
  <input type="search" name="q" aria-label="Search Site" placeholder="Search Site">
</form>

POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e

<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&amp;id=30c98e654e" method="post" target="_blank" novalidate="">
  <input type="email" name="EMAIL" aria-label="Enter email address" placeholder="Email Address...">
  <div style="position: absolute; left: -5000px;"><input type="hidden" aria-hidden="true" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value=""></div>
  <input type="submit" value="Submit" class="bc_sub_btn">
</form>

POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e

<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&amp;id=30c98e654e" method="post" target="_blank" novalidate="">
  <input type="email" aria-label="Enter email address" name="EMAIL" placeholder="Email Address...">
  <div style="position: absolute; left: -5000px;"><input type="hidden" aria-hidden="true" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value=""></div>
  <input type="submit" value="Submit" class="bc_sub_btn">
</form>

POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process&return=https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/

<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=login&amp;do=process&amp;return=https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/"
  method="post">
  <div class="bc_form_feild">
    <label for="ips_username">Username</label>
    <input aria-label="Enter login name" title="Enter login name" type="text" id="ips_username" name="ips_username" autocomplete="username">
  </div>
  <div class="bc_form_feild">
    <label for="ips_password">Password</label>
    <input aria-label="Enter login password" title="Enter login passwod" type="password" id="ips_password" name="ips_password" autocomplete="current-password">
  </div>
  <div class="bc_form_feild">
    <div class="bc_remember">
      <input id="remember" type="checkbox" name="rememberMe" value="1" checked="checked">
      <label for="remember">Remember Me</label>
    </div>
    <div class="bc_anon">
      <input id="anonymous" type="checkbox" name="anonymous" value="1">
      <label for="anonymous">Sign in anonymously</label>
    </div>
  </div>
  <div class="bc_btn_wrap">
    <input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
    <input type="submit" aria-label="Login to site" title="Login" value="Login" class="bc_sub_btn">
    <a aria-label="Sign in with Twitter" href="https://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=login&amp;serviceClick=twitter&amp;return=https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/" class="bc_twitter_btn"><img src="https://www.bleepstatic.com/images/site/login/twitter.png" width="28" height="24" alt="Sign in with Twitter button"> Sign in with Twitter</a>
    <hr>
    <p>Not a member yet? <a aria-label="Register account" title="Register account" href="https://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=register">Register Now</a></p>
  </div>
</form>

<form>
  <input type="hidden" id="comment-id-report" value="0">
  <ul>
    <li>
      <label><input type="radio" name="comment-report-reason" value="Spam">Spam</label>
    </li>
    <li>
      <label><input type="radio" name="comment-report-reason" value="Abusive or Harmful">Abusive or Harmful</label>
    </li>
    <li>
      <label><input type="radio" name="comment-report-reason" value="Inappropriate content">Inappropriate content</label>
    </li>
    <li>
      <label><input type="radio" name="comment-report-reason" value="Strong language">Strong language</label>
    </li>
    <li>
      <label><input type="radio" name="comment-report-reason" value="Other">Other</label>
    </li>
    <li id="comment-report-other-reason-wrap" style="display:none;">
      <textarea aria-label="Enter other reason for reporting the comment" rows="2" cols="2" id="comment-report-other-reason"></textarea>
    </li>
  </ul>
  <p>Read our <a href="https://www.bleepingcomputer.com/posting-guidelines/">posting guidelinese</a> to learn what content is prohibited.</p>
</form>

Text Content

NEW ZERO-CLICK IPHONE EXPLOIT USED TO DEPLOY NSO SPYWARE

By Sergiu Gatlan

August 24, 2021, 09:23 AM

Digital threat researchers at Citizen Lab have uncovered a new zero-click
iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging
to Bahraini activists.

In total, nine Bahraini activists (including members of the Bahrain Center for
Human Rights, Waad, Al Wefaq) had their iPhones hacked in a campaign partially
orchestrated by a Pegasus operator linked with high confidence to the government
of Bahrain by Citizen Lab.

The spyware was deployed on their devices after being compromised using two
zero-click iMessage exploits (that do not require user interaction): the 2020
KISMET exploit and a new never-before-seen exploit dubbed FORCEDENTRY
(previously tracked by Amnesty Tech as Megalodon).

NEW IPHONE ZERO-CLICK EXPLOIT IN USE SINCE FEBRUARY 2021

NSO Group attacks using the new iMessage zero-click (which circumvents the
iOS BlastDoor feature designed to block such exploits) were first spotted in
February 2021.

"We saw the FORCEDENTRY exploit successfully deployed against iOS versions 14.4
and 14.6 as a zero-day," Citizen Lab said.

"With the consent of targets, we shared these crash logs and some additional
phone logs relating to KISMET and FORCEDENTRY with Apple, Inc., which confirmed
they were investigating."

While protecting against the iMessage exploits would only require disabling
iMessage and FaceTime, NSO Group has also used exploits targeting other
messaging apps, including WhatsApp.

Furthermore, disabling iMessage will lead to other issues, including sending
unencrypted messages that a resourceful threat actor could easily intercept.

Unfortunately, until Apple issues security updates to address the flaws targeted
by NSO Group's FORCEDENTRY exploit, the only thing potential targets could do to
protect themselves is to disable all apps the Israeli surveillance firm could
potentially target.

Countries where journalists were targeted with spyware (Forbidden Stories)


NSO GROUP'S PEGASUS USED IN HIGH-PROFILE ATTACKS

Citizen Lab's report today is just one in a long string of reports and papers
documenting NSO Group's Pegasus spyware being used to spy on journalists and
human rights defenders (HRDs) worldwide.

Pegasus, a spyware tool developed by Israeli surveillance firm NSO Group,
is marketed as surveillance software "licensed to legitimate government agencies
for the sole purpose of investigating crime and terror."

Two years ago, Facebook sued Israeli cyber-surveillance firm NSO Group for
creating and selling a WhatsApp zero-day exploit used to infect the devices of
high-profile targets such as government officials, diplomats, and journalists
with spyware.

Citizen Lab revealed in 2018 that they discovered some Pegasus licensees using
it for cross-border surveillance in countries with state security services that
had a history of abusive behavior.

Last but not least, human rights non-governmental organization Amnesty
International and non-profit project Forbidden Stories revealed in a separate
July report that NSO Group-made spyware was deployed on iPhones running Apple's
latest iOS release using zero-click iMessage exploits targeting multiple iOS
zero-days.



Citizen Lab independently observed Pegasus deployed on an iPhone 12 Pro Max
running iOS 14.6 (the OS's latest release), hacked using a zero-day zero-click
iMessage exploit, which did not require interaction from the targets.

"The mechanics of the zero-click exploit for iOS 14.x appear to be substantially
different than the KISMET exploit for iOS 13.5.1 and iOS 13.7, suggesting that
it is in fact a different zero-click iMessage exploit," Citizen Lab said at the
time.

"These most recent discoveries indicate NSO Group's customers are currently able
to remotely compromise all recent iPhone models and versions of iOS," Amnesty
International and Forbidden Stories added.

An Apple spokesperson was not available for comment when contacted by
BleepingComputer earlier today.


SERGIU GATLAN

Sergiu Gatlan is a reporter who covered cybersecurity, technology, Apple,
Google, and a few other topics at Softpedia for more than a decade. Email or
Twitter DMs for tips.