FORCEDENTRY, also capitalized as ForcedEntry, is a security exploit allegedly developed by NSO Group to deploy their Pegasus spyware. It enables the "zero-click" exploit that is prevalent in iOS 13 and below, but also compromises recent safeguards set by Apple's "BlastDoor" in iOS 14 and later. In September 2021, Apple released new versions of its operating systems for multiple device families containing a fix for the vulnerability.


Exploit

The exploit was discovered by Citizen Lab, who reported that the vulnerability has been used to target political dissidents and human rights activists. FORCEDENTRY appears to be the same as the attack previously detected and named "Megalodon" by Amnesty International. The exploit uses PDF files disguised as GIF files to inject JBIG2-encoded data to provoke an integer overflow in Apple's CoreGraphics system, circumventing Apple's "BlastDoor" sandbox for message content, introduced in iOS 14 to defend against KISMET, another zero-click exploit. The FORCEDENTRY exploit has been given the CVE identifier CVE-2021-30860. In December 2021, Google's Project Zero team published a technical breakdown of the exploit based on its collaboration with Apple's Security Engineering and Architecture (SEAR) group. The Project Zero team described the exploit as follows:
JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent. The bootstrapping operations for the sandbox escape exploit are written to run on this logic circuit and the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It's pretty incredible, and at the same time, pretty terrifying.
According to Citizen Lab, the FORCEDENTRY vulnerability exists in iOS versions prior to 14.8, macOS versions prior to macOS Big Sur 11.6 and Security Update 2021-005 Catalina, and watchOS versions prior to 7.6.2.
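
A defender-side triage check for the disguise described above (a PDF delivered under a .gif name and carrying JBIG2 data), as an added example that is not from the article, Citizen Lab, Project Zero or Apple. It compares an attachment's claimed extension with its magic bytes and notes whether a PDF declares the /JBIG2Decode filter; the function names, verdict labels and sample files are constructed for illustration.

```python
import os

GIF_MAGICS = (b"GIF87a", b"GIF89a")
PDF_MAGIC = b"%PDF-"
JBIG2_FILTER = b"/JBIG2Decode"  # PDF stream filter name that selects JBIG2 decoding


def sniff_type(data: bytes) -> str:
    """Return the type implied by the content, ignoring the file name."""
    if data.startswith(GIF_MAGICS):
        return "gif"
    # PDF readers tolerate leading junk, so look for the header in the first 1 KiB.
    if PDF_MAGIC in data[:1024]:
        return "pdf"
    return "unknown"


def triage_attachment(name: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed type and note JBIG2 use."""
    claimed = os.path.splitext(name)[1].lower().lstrip(".")
    actual = sniff_type(data)
    # A plain byte search misses filter names inside compressed object streams
    # or written with #xx escapes, so a False here is inconclusive.
    has_jbig2 = actual == "pdf" and JBIG2_FILTER in data
    mismatch = claimed == "gif" and actual != "gif"
    if mismatch and has_jbig2:
        verdict = "high"        # disguised PDF that also carries JBIG2 data
    elif mismatch:
        verdict = "suspicious"  # extension and content disagree
    else:
        verdict = "ok"          # JBIG2 in an honestly named PDF is normal
    return {"name": name, "claimed": claimed, "actual": actual,
            "jbig2": has_jbig2, "verdict": verdict}


# Constructed sample attachments (not real captures).
SAMPLES = {
    "cat.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff;",
    "photo.gif": b"%PDF-1.4\n1 0 obj\n<< /Subtype /Image /Filter /JBIG2Decode "
                 b"/Length 0 >>\nstream\nendstream\nendobj\n",
    "note.gif": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "scan.pdf": b"%PDF-1.7\n1 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\n"
                b"stream\nendstream\nendobj\n",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(triage_attachment(fname, blob))
```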


Apple lawsuit

In November 2021, Apple Inc. filed a complaint against NSO Group and its parent company Q Cyber Technologies in the United States District Court for the Northern District of California in relation to FORCEDENTRY, requesting injunctive relief, compensatory damages, punitive damages, and disgorgement of profits.


See also

* iMessage
* Pegasus (spyware)

