What happened:
The Citizen Lab, a project run by the Munk School of Global Affairs & Public Policy, announced a vulnerability in Apple iOS, macOS, and watchOS devices that allowed attackers to execute arbitrary code on them. Users did not have to click on anything for the exploit to be downloaded, installed, or activated.
Citizen Lab, which combines technical and political expertise to report on abuses by governments and powerful organizations, noted that activists in multiple countries had compromised devices. Its forensics showed that a technical mercenary group operating in Israel – NSO Group – had created the exploit software and had likely sold it to governments, who in turn attacked Apple devices owned by journalists and activists.
Apple rapidly issued a patch and made it available to their users for immediate repair.
Why is this important?
NSO Group’s Zero-Click FORCEDENTRY exploit required millions of dollars of investment to create because the target was both very well protected and very attractive to wealthy despots.
What does this mean to me?
If you are protecting assets that are worth more than the investment required to exploit and access them, then you are a target.
Your security program needs to address risks, not compliance.
All devices in your enterprise must be protected with push patch updates.
Related threats
Targeted attacks
Zero-day threats
Related vulnerabilities
Cybersecurity investments that are less than the risk of loss
Zero-day vulnerabilities
Helpful controls
Endpoint Detection and Response (EDR)
Extended Detection and Response (XDR)
Mobile Device Management (MDM)
Commonality of attack
High