Apple issued new security updates Monday following the discovery of a new hack that does not require people to click anything to become a victim.
The Toronto-based research group Citizen Lab said it found a vulnerability, which it named FORCEDENTRY, that was weaponized against iMessage, Apple’s messaging application, and that targets Apple’s image rendering library.
The lab said it discovered the hack on a Saudi activist’s phone, which the group said was infected by the Israeli tech and spyware firm NSO Group.
“Our latest discovery of yet another Apple zero-day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies,” wrote the Citizen Lab researchers in their report disclosing the vulnerability. “Regulation of this growing, highly profitable, and harmful marketplace is desperately needed.”
NSO Group did not address Citizen Lab’s accusations in its response to the researchers’ report and Apple’s update.
“NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime,” said the spyware firm in a statement.
Apple’s webpage detailing the security updates it issued on Monday does not provide comprehensive details of why the update is necessary.
“For customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” read a statement on Apple’s website.
For iPhones and iPads, the relevant security update is listed as iOS 14.8 and iPadOS 14.8. Updates for other Apple devices are listed on Apple’s website.
Citizen Lab’s researchers noted that popular messaging apps such as iMessage are an “irresistible soft target” that will continue to be a focus for hackers unless intense engineering efforts are dedicated to the issue.
“Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation-state espionage operations and the mercenary spyware companies that service them,” wrote Citizen Lab’s researchers.