All iPhones, with iOS versions before 14.8, all Mac computers with operating system versions before OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches before watchOS 7.6.2, were affected by the exploit. Photo: ReutersAll iPhones, with iOS versions before 14.8, all Mac computers with operating system versions before OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches before watchOS 7.6.2, were affected by the exploit. Photo: ReutersResearchers at Canada-based interdisciplinary laboratory Citizen Lab, in its latest report, said that while analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, they discovered a 'zero-day zero-click exploit' against iMessage.The exploit, named Forcedentry, targets Apple’s image rendering library and was effective against Apple iOS, macOS and WatchOS devices.
The researchers said the Israel-based NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. The exploit was being used since at least February 2021, the report said.
Using the zero-click method, the spyware can turn on a user's camera and microphone. It can even record calls, messages, texts, and emails. It can even record data sent via end-to-end encryption platforms. All the compromised data is then sent to the NSO clients.
The Citizen Lab also disclosed the vulnerability to Apple, which released a patch or an update on September 13, asking users to update their devices on an emergency basis.
The report says all iPhones, with iOS versions before 14.8, all Mac computers with operating system versions before OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches before watchOS 7.6.2, were affected by the exploit.
Also read: Apple releases critical software patch to plug security flaw related to Pegasus spyware
How Citizen Lab discovered the exploit?
In March 2021, the researchers at Citizen Lab examined the phone of a Saudi activist, who has chosen to remain anonymous. During the probe, it was found that this device was hacked with NSO Group’s Pegasus spyware.
"Recent re-analysis of the backup yielded several files with the “.gif” extension in Library/SMS/Attachments that we determined were sent to the phone immediately before it was hacked with NSO Group’s Pegasus spyware," the report claims.
The format of the files matched two types of crashes observed on another phone when it was hacked with NSO's Pegasus spyware. The researchers concluded the “.gif” files might contain parts of the exploit chain, also named as Forcedentry chain.
Notably, the 'zero-click' exploit is known as the holy grail of surveillance as it allows exploits to work on anyone's device without even tipping them off.
Meanwhile, Apple has confirmed the files included a zero-day exploit against iOS and macOS. They designated the exploit and described it as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
Also read: SC to pass order in 2-3 days on pleas seeking probe into Pegasus row
Why NSO group?
The researchers said the spyware installed by the exploit exhibited a forensic artifact named Cascadefall. It's a bug whereby evidence is incompletely deleted from the phone. "We have only ever seen this type of incomplete deletion associated with NSO Group’s Pegasus spyware, and we believe that the bug is distinctive enough to point back to NSO," the Citizen Lad report said.
The spyware installed by this exploit uses multiple process names, including the name “set framed”. This process name was used in an attack with NSO Group’s Pegasus spyware on an Al Jazeera journalist in July 2020.
The Israel-based controversial NSO group has been called out time and again for selling technology to governments across the world, which further use it for acts that are in violation of international human rights laws.
Pegasus row in India
An international media consortium had recently reported that over 300 verified Indian mobile phone numbers were on the list of potential targets for surveillance using Pegasus spyware.
It alleged that Israeli firm NSO's spyware was used for snooping by government agencies on eminent citizens, politicians and scribes.
Following an uproar in India, several pleas were filed in the Supreme Court, seeking an independent probe on the allegations. The government has, however, denied of all the allegations against it, saying it “nothing to hide”.
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine
Markets face triple risk: India-Pakistan tension, FII outflows, and earnings storm brewing
'A 40% IPL tax could build 10 IITs': Bengaluru professor questions India’s vision priorities
'Visit Kullu's Shangarh instead, it's even more beautiful': Traveller urges shift from Kashmir after Pahalgam
How 3 engineers forced India’s Indus Water win: Historian revisits Pakistan’s 1947 shock
'In a month or so, Americans will feel what sanctions are like,' warns Shankar Sharma
Why Article 142 Is Triggering Tug Of War Between Judiciary And Executive | Explained
Gold ETFs Vs. Physical Gold | Jim Rogers' Guide To Crisis Protection
Trump Tariff | Kenneth Andrade on India’s Resilience Amid Trade Uncertainty
Being Polite To ChatGPT Could Be Costing Millions: The Shocking Reality Behind AI's Hidden Energy
Understanding The Impact Of India’s Suspension Of The Indus Water Treaty On Pakistan
Markets face triple risk: India-Pakistan tension, FII outflows, and earnings storm brewing
India–Pakistan tensions: Why markets may stay resilient despite heightened tensions 
Jio Platforms reports 25.7% profit surge in Q4 FY25, ARPU climbs to Rs 206.2
'A ₹50 crore payoff': How IIT Madras turned a ₹29 lakh bet into a massive Ather Energy windfall
Ather Energy raises Rs 1,340 cr from anchor investors ahead of IPO launch on April 28