Tags, , , , , , ,
Super secure VPN
Minimal data logging
Favorable privacy policy

Google Project Zero’s (GPZ) Ian Beer and Samuel Groß have shared details on a new exploit developed by the NSO Group that allows users (high-profile clients) of its software to access any iPhone and install spyware even when the victim doesn’t click a link.
“The capabilities NSO provides rival those previously thought to be accessible to only a handful of nation-states,” Google’s researchers noted.
The information on the exploit, dubbed FORCEDENTRY, was shared by Citizen Lab and Apple’s Security Engineering and Architecture (SEAR) group collaborated with the Google Project Zero team for technical analysis. 
Wow. Just wow. This NSO zero-click iMessage exploit is the most impressive attack code I’ve ever seen. A whole computer architecture built out of a few logic operators… in an EXPLOIT!
The talent of the individuals who came up and developed this technique is beyond impressive https://t.co/X3nVli3bOC
— Dmitri Alperovitch (@DAlperovitch) December 16, 2021

According to GPZ, the new Zero-Click exploit that affects iOS version 14.7.1 and earlier is one of the most “technically sophisticated exploits we’ve ever seen.”
Beer and Groß stated that this exploit is “incredible and terrifying” because it generates an unusually emulated computer environment in an iOS component that handles GIFs and normally doesn’t support scripting capabilities.
SEE: Ex-employee stole secrets of Israeli spyware firm NSO for dark web deals
Furthermore, an attacker can run a code that resembles JavaScript in that component to write to arbitrary memory locations. This issue was reported to GPZ by Citizen Lab, which shared a sample of the NSO Group’s iMessage-based zero-click exploit for Google to analyze.


In November 2021, Apple sued the NSO and filed for a permanent ban on all kinds of software developed by the Group and its services and devices.
Additionally, Canadian firm Citizen Lab’s security researchers had previously identified a memory corruption bug (CVE-2021-30860) in joint research conducted with Amnesty International. The bug allowed a remote attacker to process a maliciously crafted PDF exposing Apple devices to arbitrary code execution.
The researchers identified the bug in the CoreGraphics component of the iOS 14.8 in September 2021 while analyzing Pegasus mobile spyware package from NSO Group. This software can be installed after executing an exploit to jailbreak the iPhone. This bug was later patched by Apple however on December 6th, it was reported that iPhones of 9 State Dept officials were hijacked with the help of NSO Pegasus spyware.
It must be noted that according to GPZ, the zero-click exploit allows Pegasus to enter an iPhone through iMessage and does not require victims to click any link, unlike its previous trick in which victims had to click links received through text messages. With zero-click exploit, victims can be targeted with just their phone number or AppleID username.
SMS text messages received by Ahmed Mansoor, a renowned human rights activist in UAE. (English: “New secrets about the torture of Emiratis in state prisons”). The sender’s phone numbers are spoofed – These texts were sent back in 2016 and required the victim to click the link.
Further, the iMessage gets exposed to spyware due to weaknesses in Apple-enabled GIF images’ additional features. Apple utilizes a Fake GIF technique in the ImageIO library of its iOS to encourage endless looping of standard GIF images.


On the other hand, NSO exploits the Fake GIF trick for targeting the vulnerability in the CoreGraphics PDF parser. This trick also introduces more than twenty new image codecs, which provide attackers with a broader attack surface.
“The CoreGraphics PDF parser doesn’t seem to interpret javascript, but NSO managed to find something equally powerful inside the CoreGraphics PDF parser…” GPZ report readS.
It is worth noting that the US Department of Commerce included the NSO Group in the “Entity List” and banned its products from entering the US markets because the company deployed spyware to foreign governments that targeted US businesses, journalists, government officials, activists, embassy workers, and academics for spying.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism




Newsletter
Get the best stories straight into your inbox!




Don’t worry, we don’t spam
 App Store Google News
HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
Hackread.com is among the registered trademarks of Gray Dot Media Group Ltd. Company registration number 12903776 in regulation with the United Kingdom Companies House. The registered address is 85 Great Portland Street, London, England, W1W 7LT
The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.

source