It was recently reported that Apple iOS, macOS, and watchOS users should update their devices as new security patches have been issued for two serious vulnerabilities.
Indeed, one of these vulnerabilities was discovered by the University of Toronto’s Citizen Lab and allegedly used to compromise the devices of activists and reporters. It was stated that it was found out through the installation of spyware called Pegasus, created by NSO Group. The NSO Group’s technology was said to target political activists and reporters, as well as politicians.
By analyzing the iPhone of a Saudi activist infected with Pegasus spyware, Citizen Lab then was able to discover a zero-day zero-click exploit against iMessage. The vulnerability, named ForcedEntry, targets Apple’s image library and can be exploited with a malicious PDF. It is apparently effective since February.