Apple Patches Up Devices In Response To The Exposure Of Yet Another NSO Group Exploit

from the soon-they-will-make-a-board-with-a-nail-so-big-it-will-destroy-them-all dept

Israeli digital arms merchant NSO Group continues to sell its malware to a wide variety of governments. The governments it sells to, which includes a bunch of notorious human rights abusers, continue to use these exploits to target dissidents, activists, journalists, religious leaders, and political opponents. And the manufacturers of the devices exploited by governments to harm people these governments don't like (NSO says "criminals and terrorists," long-term customers say "eh, whoever") continue to patch things up so these exploits no longer work.

The circle of life continues. No sooner had longtime critic/investigator of NSO Group's exploits and activities -- Citizen Lab -- reported the Bahrain government was using "zero click" exploits to intercept communications and take control of targeted devices then a patch has arrived. Apple, whose devices were compromised using an exploit Citizen Lab has dubbed FORCEDENTRY, has responded to the somewhat surprising and altogether disturbing news that NSO has developed yet another exploit that requires no target interaction at all to deploy.

Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers.

The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets — including the phone of a Saudi activist in March, researchers at Citizen Lab said.

The backdoor being closed involves a pretty clever trick of the trade. Since links require clicks and images don't, the exploit utilizes a tainted gif to crash Apple's image rendering library, which is then used to launch a second exploit that gives NSO customers control of these devices, allowing them to browse internal storage and eavesdrop on communications.

It's not the first time NSO has developed a zero-click exploit that affects iOS devices. It's just the latest exposed by Citizen Lab's incredible investigation efforts. Thanks to Citizen Lab, more Apple device users around the world are better protected against malicious hackers… working for a company that sells exploits to government agencies. And whatever can be nominally exploited for good (the terrorists and criminals NSO continues to claim its customers target, despite an ever-growing mountain of evidence that says otherwise) can be exploited by governments and malicious hackers who don't even have sketchy "national security" justifications to raise in the defense of their actions.

The arms race continues. It appears marketers of exploits will continue to do what they've always done: maintain over-the-air superiority for as long as possible. And while it may seem this is just part of the counterterrorism game, NSO Group's tacit approval of the targeting of dissidents, journalists, and others who have angered local governments (but have never committed any terrorist or criminal acts) shows it's not willing to stop profiting from the misery of people being hunted and harmed by repressive regimes.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ios, iphone, malware, patches, surveillance
Companies: apple, nso group


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Upstream (profile), 14 Sep 2021 @ 11:31am

    More hipocrisy

    If the NSO Group were located in a different country, or perhaps were of a different religion, they would surely have been designated terrorists themselves by now. In any case, it still seems like the NSO Group might be more deserving of a drone strike than other recent recipients.

    Not that anyone should hit them with a drone strike, just that they might be considered more deserving.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Sep 2021 @ 12:08pm

    Surprising?

    the somewhat surprising and altogether disturbing news that NSO has developed yet another exploit that requires no target interaction at all to deploy. ...
    the exploit utilizes a tainted gif to crash Apple's image rendering library

    What's surprising? Computer security is a shitshow, and we knew that. I suppose it's "somewhat surprising" that neither Apple nor any "white hat" hackers had noticed a flaw in the GIF library till now. It's a 30-year-old format that may well be using 30-year-old code, and is auto-displayed by various programs—kind of an obvious target (better also check BMP, MPEG1, and fonts, at least).

    link to this | view in chronology ]

  • icon
    Ninja (profile), 14 Sep 2021 @ 12:18pm

    I have issues with stuff that automatically download and load pictures, videos with a small exception for web browsers where at the very least you decided to load the site. I configured all my apps to ask first before displaying any multimedia content. Maybe they should make this the default and not the opposite?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Sep 2021 @ 4:07pm

      Re:

      web browsers where at the very least you decided to load the site

      That doesn't mean much. Most sites, including Techdirt, will include a bunch of shit you never decided to load. This very page includes things from Google, Soundcloud, and "fontawesome". And then there are ads, where anyone with a few dollars can send (almost) whatever they want to the browsers of anyone foolish enough to browse without an adblocker. Browsers are often quite willing to interpret formats that many would regard as archaic.

      link to this | view in chronology ]

  • icon
    nasch (profile), 16 Sep 2021 @ 9:51am

    Then/than

    No sooner had longtime critic/investigator of NSO Group's exploits and activities -- Citizen Lab -- reported the Bahrain government was using "zero click" exploits to intercept communications and take control of targeted devices then a patch has arrived.

    "Than". "No sooner had... than..." Although this is a description of one thing happening and then another, if you rearrange it it becomes more clear: "X happened no sooner than Y".

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.