[CLVD-2021-02] FORCEDENTRY iMessage Code Execution

Product Affected

All iPhones with iOS versions prior to 14.8, all Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2. From here

Summary

Zero-day, zero-click exploit against iMessage. Processing a maliciously crafted PDF may lead to arbitrary code execution. See: https://support.apple.com/en-ca/HT212807

Impact

Arbitrary code execution.

Disclosure Timeline

  • September 7 2021 - Citizen Lab forwarded the artifacts to Apple
  • September 13 2021 - Apple confirmed that the files included a zero-day exploit against iOS and macOS. They designated the FORCEDENTRY exploit CVE-2021-30860, and described it as “processing a maliciously crafted PDF may lead to arbitrary code execution.” Apple released an update that patches CVE-2021-30860 on September 13 2021.