Apple has issued an urgent software software update for iPhones to address a critical vulnerability known as FORCEDENTRY. For Fund Managers, and all apple users in general, this exploit poses a substantial information security threat.
Read on for more information about the new vulnerability and how to protect against it.
What is FORCEDENTRY?
A zero-day, zero-click exploit that infects apple devices with Pegasus spyware and allows hackers to infiltrate a user's phone without the user clicking on any links. The vulnerability was discovered and reported by Citizen Lab, a cybersecurity thinktank that focuses on societal digital threats.
FORCEDENTRY is a exploit that has been shown to allow bad actors to covertly install the Pegasus spyware on certain Apple devices. The Pegasus application is a well-known form of spyware created by the NSO Group, a cyber-arms firm based out of Israel. The Apple devices include iOS, MacOS and WatchOS devices.
How does FORCEDENTRY work?
The FORCEDENTRY exploit is a zero-day, zero-click threat, which means:
- The vulnerability was successfully exploited before a resolution or fix was developed
- The exploit does NOT require any actions from the user whatsoever (i.e., zero clicks)
Once the spyware is successfully installed onto a device, an attacker can take control of the affected device and have access to all user communications. Moreover, the FORCEDENTRY exploit goes beyond the specific risks of the Pegasus spyware, as it can act as a conduit for the unauthorized installation of other forms of spyware and malware.
What can you do?
The Align Cybersecurity team recommends that all owners of these affected iPhone devices immediately install the new update and review Apple's recommendations.
Align Cybersecurity™, Align's leading-edge cloud services and robust cybersecurity advisory practice, can help safeguard your business from these kinds of breaches. It assesses and addresses evolving cybersecurity threats, and allows our clients to create customizable solutions that mitigate risk and compliance burdens while empowering secure, agile, mission-critical services.