CYBER ALERT: A Zero-Day, Zero-Click Exploit Infecting Apple Devices.

by: Align on Sep, 14, 2021 | 0 Comments
 hero Image

Apple has issued an urgent software software update for iPhones to address a critical vulnerability known as FORCEDENTRY. For Fund Managers, and all apple users in general, this exploit poses a substantial information security threat. 

Read on for more information about the new vulnerability and how to protect against it. 

What is FORCEDENTRY?

FY21Q3_iOS Cyber Alert_Blog

A zero-day, zero-click exploit that infects apple devices with Pegasus spyware and allows hackers to infiltrate a user's phone without the user clicking on any links. The vulnerability was discovered and reported by Citizen Lab, a cybersecurity thinktank that focuses on societal digital threats. 

FORCEDENTRY is a exploit that has been shown to allow bad actors to covertly install the Pegasus spyware on certain Apple devices. The Pegasus application is a well-known form of spyware created by the NSO Group, a cyber-arms firm based out of Israel. The Apple devices include iOS, MacOS and WatchOS devices.

How does FORCEDENTRY work? 

The FORCEDENTRY exploit is a zero-day, zero-click threat, which means:

  • The vulnerability was successfully exploited before a resolution or fix was developed
  • The exploit does NOT require any actions from the user whatsoever (i.e., zero clicks)

Once the spyware is successfully installed onto a device, an attacker can take control of the affected device and have access to all user communications. Moreover, the FORCEDENTRY exploit goes beyond the specific risks of the Pegasus spyware, as it can act as a conduit for the unauthorized installation of other forms of spyware and malware.

What can you do? 

The Align Cybersecurity team recommends that all owners of these affected iPhone devices immediately install the new update and review Apple's recommendations

Align Cybersecurity™

Align Cybersecurity™, Align's leading-edge cloud services and robust cybersecurity advisory practice, can help safeguard your business from these kinds of breaches. It assesses and addresses evolving cybersecurity threats, and allows our clients to create customizable solutions that mitigate risk and compliance burdens while empowering secure, agile, mission-critical services. Speak To A Cybersecurity Specialist

Tags: Cybersecurity, Managed Services

Related Articles

 
Traveling for the Holidays? Here are 7 Cybersecurity Best Practices

Cybersecurity

Traveling for the Holidays? Here are 7 Cybersecurity Best Practices

This holiday season will, like most of 2021, present some unique cybersecurity risks. Managing the

Read More >

Cybersecurity Awareness Month: Top Cybersecurity Blogs

Cybersecurity

Cybersecurity Awareness Month: Top Cybersecurity Blogs

It's October, which means in addition to spooks and scares, it's National Cybersecurity Awareness

Read More >