September 14, 2021

CYBER ALERT: A Zero-Day, Zero-Click Exploit Infecting Apple Devices.

by: Align

Apple has issued an urgent software software update for iPhones to address a critical vulnerability known as FORCEDENTRY. For Fund Managers, and all apple users in general, this exploit poses a substantial information security threat. 

Read on for more information about the new vulnerability and how to protect against it. 

What is FORCEDENTRY?

FY21Q3_iOS Cyber Alert_Blog

A zero-day, zero-click exploit that infects apple devices with Pegasus spyware and allows hackers to infiltrate a user's phone without the user clicking on any links. The vulnerability was discovered and reported by Citizen Lab, a cybersecurity thinktank that focuses on societal digital threats. 

FORCEDENTRY is a exploit that has been shown to allow bad actors to covertly install the Pegasus spyware on certain Apple devices. The Pegasus application is a well-known form of spyware created by the NSO Group, a cyber-arms firm based out of Israel. The Apple devices include iOS, MacOS and WatchOS devices.

How does FORCEDENTRY work? 

The FORCEDENTRY exploit is a zero-day, zero-click threat, which means:

  • The vulnerability was successfully exploited before a resolution or fix was developed
  • The exploit does NOT require any actions from the user whatsoever (i.e., zero clicks)

Once the spyware is successfully installed onto a device, an attacker can take control of the affected device and have access to all user communications. Moreover, the FORCEDENTRY exploit goes beyond the specific risks of the Pegasus spyware, as it can act as a conduit for the unauthorized installation of other forms of spyware and malware.

What can you do? 

The Align Cybersecurity team recommends that all owners of these affected iPhone devices immediately install the new update and review Apple's recommendations

Align Cybersecurity™

Align Cybersecurity™, Align's leading-edge cloud services and robust cybersecurity advisory practice, can help safeguard your business from these kinds of breaches. It assesses and addresses evolving cybersecurity threats, and allows our clients to create customizable solutions that mitigate risk and compliance burdens while empowering secure, agile, mission-critical services. Speak To A Cybersecurity Specialist

Continue Reading

Related Articles

★★★★★

“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC