The Citizen Lab, a Canadian privacy and cybersecurity activist group, announced a zero-day security hole in Apple’s iPhone, iPad, and Mac operating systems. The lab gave the attack the nickname FORCEDENTRY, though its official designation is CVE-2021-30860.

Citizen Lab has attributed the vulnerability and code that exploits it, to a controversial surveillance company called the “NSO Group“, already well-known for its  Pegasus line of spyware-like products. According to Citizen Lab, this exploit relies on a malware-infected PDF file. This was discovered in the wild when a Saudi Arabian activist’s phone was examined and a new variant of spyware (similar to Pegasus but not pegasus) had somehow been implanted on the device. The Citizen Lab report matches Apple’s own security bulletin HT21807, which credits Citizen Lab for reporting the flaw:

“Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. […] An integer overflow was addressed with improved input validation.”

Second Bug

Apple also fixed another in-the-wild bug at the same time, dubbed CVE-2021-30858. This second zero-day was found in Apple’s web rendering software, WebKit, which forms the built-in Safari browser on all Apple operating systems. In fact, all iPhone and iPad programs in the App Store (right from the most basic games and utilities to the most powerful web browsers) that can render and display HTML content are forced by Apple to use WebKit.

Even browsers such as Edge and Firefox, which usually use the Chromium and Gecko web rendering software respectively, have to use WebKit instead, so WebKit security bugs can have widespread consequences on iPhones and iPads.

What Should You Do and When?

Patch and update as soon as possible! To check for updates and automatically fetch them if they haven’t been downloaded automatically yet, do this:

iPad or iPhone

Go to Settings > General > Software Update. If you are using iOS 14, you want 14.8.

MacBook laptop or a desktop Mac

Go to Apple menu > System Preferences > Software Update. If you are using macOS Big Sur 11, you want 11.6.

For more specifics, the current patches are documented in Apple’s latest security bulletins as follows:

  • HT212804macOS Big Sur 11.6, fixing both bugs.
  • HT2128052021-005 Catalina, fixing PDF bug only.
  • HT212806watchOS 7.6.2, fixing PDF bug only.
  • HT212807iOS 14.8 and iPadOS 14.8, fixing both bugs.
  • HT212808Safari 14.1.2 for Catalina and Mojave, fixing WebKit bug only.


Find out how CyberHoot can secure your business.