How can we help?
Apple have released patches to address a pair of exploits (CVE-2021-30858 and CVE-2021-30860) in multiple products.
One of these is the exploit FORCEDENTRY which we have written about previously. Processing a maliciously crafted PDF may lead to arbitrary code execution.
The other is a use after free issue in WebKit. Processing maliciously crafted web content may lead to arbitrary code execution.
A remote attacker may be able to trigger system-level code execution on a device.
To see the current version on iOS go to
Settings > General > About
On macOS the version can be seen in About This Mac
All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.
Containment, Mitigations & Remediations
Devices should be updated as soon as possible.
To update iOS go to
Settings > General > Software Update
This should either say “iOS is up to date” or give you the option to update.
Indicators of Compromise
The Pegasus group’s use of FORCEDENTRY can be detected by forensically investigating the affected iPhone. An artifact exists in the DataUsage.sqlite file which can be detected with
SELECT “CASCADEFAIL” FROM ZLIVEUSAGE WHERE ZLIVEUSAGE.ZHASPROCESS NOT IN (SELECT Z_PK FROM ZPROCESS);