New Delhi: Days after heated controversy around globe over Pegasus spyware allegedly tapping phones of human rights activists, journalists and even heads of state, Apple has detected a new zero-day, zero-click exploit called ‘FORCEDENTRY’ in Apple’s iMessage service, allegedly used by Israel’s NSO Group to install Pegasus spyware in devices including the iPhone, iPad, MacBook and Apple Watch.


A team of researchers at Toronto-based Citizen Lab, who have been investigating Pegasus Spyware, found the problem while analysing a Saudi activist's phone that had been compromised with the code.


ALSO READ | Pegasus Project: Over 40 Journalists, 2 Ministers, 1 Judge, And 3 Oppn Leaders Were Alleged Targets


According to media reports, the cybersecurity watchdog organisation in Canada, released a software update for a weakness that can let the spyware infect devices without users even clicking on a malicious message or link. The researchers have advised to update the operating systems on their Apple devices in order to avoid their smartphones and laptops getting affected till the update rolled out by Apple on Monday is installed.


"We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware," Citizen Lab wrote in a post.


Hours after releasing the fix, Apple said it had "rapidly" developed the update following Citizen Lab's discovery of the problem.


"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.


ALSO READ | Is Your Phone And WhatsApp Safe Against Pegasus? Know How To Avoid This Spyware


Citizen Lab researcher John Scott-Railton  in a series of tweets explained how the Citizen Lab discovered the exploit.


"We believe that the FORCEDENTRY exploit has been in use by NSO Group since at least February 2021. According to Apple’s analysis, the exploit works against all iOS, MacOS, and WatchOS versions prior to those released September 13, 2021 (today)," Marczak said. 



Israeli firm NSO Group has been under fire  across globe since an international media investigation claimed it was used to spy on the phones of human rights activists, journalists and even heads of state.


(With inputs from AFP)