Google's Project Zero Deep Dives into NSO Group 'FORCEDENTRY' Exploit

Google’s Project Zero security team published a deep dive into FORCEDENTRY, a zero-click exploit in iMessage used by NSO Group. Apple’s Security Engineering and Architecture (SEAR) group collaborated on the analysis.

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

The vulnerability discussed in this blog post was fixed on September 13, 2021 in iOS 14.8 as CVE-2021-30860.

iMessages are End-To-End Encrypted But iCloud Backups Are Not

For Lifehacker, Jake Peterson wrote a reminder that under certain circumstances, Apple can theoretically access your iMessages.

Here’s the tricky thing; Messages in iCloud is end-to-end encrypted, just as you’d expect—that’s why there’s no way to access your messages on the web, such as by logging in to icloud.com. There’s one big problem, though: your iCloud Backup isn’t end-to-end encrypted—and Apple stores the key to unlock your encrypted messages within that backup.

Messages in iCloud has been a thing for a few years now, but you can turn it off.

WIN an iPhone 16 Pro Max!