Apple has been forced to release a patch for all their iOS and macOS devices, including the iPhone, iPad, Mac and Apple Watch that patches a hole discovered by Citizen Lab.

The patch is for a flaw in iMessage (CVE-2021-30860) and could lead to an undetectable takeover of your devices. The exploit has previously been used by governments to spy on suspected dissidents by the  Israeli firm NSO Group.

The new hack is called ForcedEntry and defeats Apple’s BlastDoor defence, which was meant to filter malicious messages.

Apple was informed of the new exploit on the 7th of September and has today released the wide-ranging patch for the issue.

Apple users are advised to update immediately, as the hack has been exploited in the wild for so-called Zero-click hacks.

While Apple has patched the hole, it is believed that iMessage offers such a large attack surface that it is nearly impossible to fully secure, leaving iOS users much less secure than they would normally suspect.

via TechCrunch

Comments