Apple (AAPL) - Get Apple Inc. (AAPL) Report has released an emergency update to address a security flaw on Monday.
An independent watchdog group, Citizen Lab, discovered the security flaw in the company that was used to infect people’s devices through iMessage. The Lab said they discovered a zero-day zero-click exploit against iMessage while analyzing a Saudi activist’s phone infected with NSO Group’s Pegasus spyware.
"While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices," Citizen Lab said. "We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021."
In response, the iPhone-maker company quickly updated its software crediting the Citizen Lab for their work.
"Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," said Apple, in its recent security update.