Apple Releases Emergency Patch for FORCEDENTRY

Most of you know that client alerts come out on Wednesday, so if this one is coming to your mailbox on Monday, it must be important.

The NSO Group, the Israeli company that builds hacking tools for [anyone whose check clears] law enforcement to break into locked phones, discovered a really bad zero-day exploit for iPhones, Macs and iWatches.

It is really bad because it works on everything including a fully patched iPhone and IT REQUIRES NO USER INTERACTION AND IS INVISIBLE TO THE USER.

People are being really cagey about how long this has been in use, but it is likely at least 6 months and probably more. Possibly a lot longer.

Security researchers CITIZEN LAB discovered it and shared it with Apple.

For whatever reason, it appears that it took Apple six months to develop a patch.

Is that because Apple was in on the hack and as long as it stayed under the radar, Apple was willing to let this one slide as a way to score brownie points with various governments? No telling, but I certainly would not rule that out.

In any case, Apple is saying PATCH NOW.

While Apple was at it patching zero-days, they decided to patch another zero-day at the same time.

This makes [zero days] numbers 14 and 15 so far this year.

This malware can control the user’s microphone and camera and access any content on the device, including supposedly secure messages and calls.

The only good news is that NSO group may have deployed this particular malware sparingly in an effort to keep it under wraps.

HOWEVER, now that it is known, other hackers may choose to use it actively. The fact that Apple is saying patch now supports this theory.

In any case, we recommend forcing the patching of all Apple devices since, left on their own, it might take a month for all devices to get the patches.

Credits: The Guardian, The Record, Metacurity