Fact-checked by Grok 2 weeks ago

FORCEDENTRY

FORCEDENTRY is a zero-day zero-click exploit chain targeting Apple's iMessage protocol on iOS devices, allowing remote code execution without user interaction or detectable traces. Developed by Israel's NSO Group, it leverages vulnerabilities in iOS's image processing libraries—particularly through malformed data disguised as attachments—to bypass sandboxing and deploy the Pegasus spyware for persistent surveillance. First identified in September 2021 by researchers at the Citizen Lab while analyzing an infected device belonging to a Saudi activist, the exploit affected iOS versions up to 14.7.1 and was patched by Apple in iOS 14.8 via enhanced validation in the BlastDoor security framework. The exploit's technical sophistication lies in its multi-stage attack: it begins with a specially crafted that triggers memory corruption in the device's kernel through deliberate integer overflows and use-after-free errors in compressed image decoders, ultimately achieving . Project Zero described it as one of the most advanced exploits encountered, comparable to nation-state capabilities due to its efficiency in exploiting hardened defenses like pointer authentication and without requiring physical access or . marketed —and by extension, delivery mechanisms like FORCEDENTRY—to governments for counter-terrorism and , though forensic evidence from and revealed its deployment against journalists, human rights defenders, and political dissidents in multiple countries, raising ethical concerns over misuse by state actors. In response, Apple issued security updates closing the exploited flaws (including CVE-2021-30860) and pursued legal action against in 2021, alleging unlawful targeting of users and seeking to bar further development of such tools. The incident highlighted vulnerabilities in end-to-end encrypted messaging systems and spurred advancements in , such as stricter attachment , while underscoring debates on the proliferation of commercial firms operating with limited oversight.

Discovery and Initial Analysis

Citizen Lab Findings

In September 2021, researchers at the University of Toronto's Citizen Lab identified FORCEDENTRY during forensic examination of an iPhone belonging to a Saudi activist that had been compromised by spyware. The device, running iOS 14.6, showed evidence of infection via a previously unknown zero-day vulnerability in Apple's iMessage application, enabling remote code execution without any user interaction such as clicking links or opening attachments. This zero-click mechanism relied on flaws in iMessage's parsing of specially crafted media files, allowing attackers to deliver malicious payloads directly through standard messaging. Citizen Lab named the exploit FORCEDENTRY, highlighting its exceptional sophistication as one of the most advanced zero-day chains observed in operations up to that point. Initial analysis revealed that the exploit targeted core components, bypassing protections intended to untrusted content, and was captured in active use against the device in question. Apple acknowledged the vulnerability—tracked as CVE-2021-30860—and issued emergency patches for 14.8 and 14.8 on September 13, 2021, confirming the issue affected multiple Apple platforms including iPhones, iPads, Macs, and Apple Watches. Forensic traces included anomalous iMessage process behaviors, such as unexpected memory allocations and crash logs indicative of exploited parsing routines, though the exploit was engineered to erase most artifacts post-deployment, complicating detection. Unlike prior spyware infections requiring user engagement, FORCEDENTRY left no visible indicators like suspicious notifications or file downloads, underscoring its stealth and the challenges in attributing infections without specialized tools. This empirical evidence from device logs and behavioral anomalies formed the basis for Citizen Lab's characterization, prompting broader alerts to affected users and platform vendors.

Attribution to NSO Group

Citizen Lab researchers attributed the FORCEDENTRY exploit to NSO Group after discovering it during forensic analysis of an iPhone owned by a Saudi activist, where the zero-click iMessage attack directly facilitated the deployment of Pegasus spyware on September 13, 2021. The exploit chain's artifacts, including an incomplete deletion record labeled "CASCADEFAIL" in the device's DataUsage.sqlite database—queryable via specific SQL patterns unique to Pegasus installations—provided a distinctive signature linking it to NSO's tooling. Additionally, the infection utilized the process name "setframed," previously documented in a July 2020 Pegasus attack on an Al Jazeera journalist, further correlating the mechanics with NSO's infrastructure. Post-exploitation communications from the device matched patterns associated with command-and-control servers, consistent with NSO's deployment signatures observed in prior investigations. This attribution was corroborated when shared the exploit sample with , whose reverse engineering on December 15, 2021, revealed FORCEDENTRY's reliance on a integer overflow in Apple's CoreGraphics (CVE-2021-30860) to achieve remote code execution, mirroring the advanced, targeted nature of earlier NSO exploits like the 2019 vulnerability (CVE-2019-3568) and the 2020 chain. These parallels in exploit sophistication and payload delivery underscored FORCEDENTRY as an evolution in NSO's arsenal for government clients seeking to evade iOS protections such as BlastDoor, introduced in . NSO Group did not issue a public denial specific to FORCEDENTRY, aligning with their approach to technical attributions, while reiterating in responses to Pegasus-related inquiries that their technologies are licensed exclusively to vetted governments for counter-terrorism and investigations.

Technical Mechanics

Core Exploit Chain

The FORCEDENTRY exploit chain began with the delivery of a malicious iMessage containing a disguised attachment presented as a GIF file, which was in fact a PDF embedding JBIG2 image streams designed to invoke Apple's CoreGraphics framework for parsing. This processing occurred automatically within the sandboxed IMTranscoderAgent process, a component of iMessage responsible for media without user interaction, confirming its zero-click nature. The initial vulnerability exploited was an in the decoder of CoreGraphics, derived from the open-source library (CVE-2021-30860), leading to an undersized allocation during handling. This enabled an out-of-bounds write that corrupted adjacent objects, such as GList structures and JBIG2Bitmap instances, allowing controlled memory corruption without triggering immediate alerts from iMessage's BlastDoor protections, which isolate message processing. Apple patched this flaw on September 13, 2021, in 14.8, 11.6, and equivalent versions for other platforms, affecting devices running prior releases. From this memory corruption, attackers achieved remote code execution by leveraging JBIG2's refinement coding feature to "unbind" the bitmap canvas, granting arbitrary read and write access to memory through over 70,000 segment refinement commands. These commands effectively transformed the JBIG2 parser state into a Turing-complete , emulating a custom CPU architecture to execute arbitrary logic, including vtable pointer overwrites that bypassed Pointer Authentication Codes () via mechanisms. This stage operated entirely within the IMTranscoderAgent , grooming the to prepare for subsequent execution. Escalation beyond the relied on logic bugs rather than further , embedding an within the JBIG2-emulated code to construct and deserialize an during handling. This was passed via NSXPC interfaces—exploiting permissive object in protocols like PTSection/PTRow—to the higher-privilege , where it evaluated to execute arbitrary functions and retrieve a second-stage loader. Google Project Zero's December 2021 analysis verified the chain's sophistication as a zero-day targeting , emphasizing its reliance on undocumented parser behaviors for evasion.

Bypassing iMessage Protections

FORCEDENTRY exploited vulnerabilities in Apple's processing , specifically targeting the IMTranscoderAgent, which handles attachment transcoding outside the full sandboxing enforced by BlastDoor mitigations introduced in 14. This agent processes incoming messages, including disguised attachments like PDFs masquerading as images, prior to deeper filtering, allowing attackers to trigger code execution without user interaction. The exploit's zero-click nature stemmed from 's automatic rendering of rich content upon receipt, bypassing prompts for user approval or preview. At the core of the bypass was CVE-2021-30860, an in the image decoder within CoreGraphics, derived from the library, embedded in a malicious PDF delivered via . The vulnerability occurred during segment collation in JBIG2 parsing, leading to buffer undersizing and corruption of adjacent heap structures, such as GList pointers, enabling controlled and overwrite of JBIG2Bitmap fields. This allowed attackers to create an "unbounded" decoding canvas, facilitating arbitrary memory read and write primitives through JBIG2's refinement coding mechanisms, all within the partially trusted iMessage handler environment. Researchers at reverse-engineered the exploit chain, demonstrating its reliability on versions up to 14.6 by reconstructing the heap grooming and corruption techniques from forensic samples. The exploit evaded BlastDoor's enhanced sandboxing—designed to isolate message processing and strip malicious payloads—by operating in the pre-BlastDoor phase, where assumptions about file type integrity and bounds-checked legacy decoders proved insufficient against adversarial inputs. Empirical analysis by , derived from an infected device's backup in March 2021, confirmed the exploit's deployment via seemingly innocuous attachments that triggered decoder crashes and subsequent installation, effective against hardened builds prior to the September 13, 2021 patch in 14.8. This highlighted causal flaws in iMessage's design, including over-reliance on extension-based content validation and incomplete isolation of third-party-derived parsers like JBIG2.

Integration with Pegasus Spyware

Deployment Method

FORCEDENTRY was operationally delivered within the Pegasus spyware architecture through silent iMessage transmissions initiated from NSO Group-controlled servers targeting specific phone numbers provided by client governments. These messages contained files disguised as GIF images but structured as Adobe PSD or PDF formats embedding JBIG2-encoded streams, which iOS automatically processed via the IMTranscoderAgent without entering the BlastDoor sandbox or requiring any user interaction such as clicking links or opening attachments. Upon receipt, the target's iPhone parsed the malformed JBIG2 data in Apple's CoreGraphics library, triggering an integer overflow vulnerability (CVE-2021-30860) that enabled remote code execution. This initial exploit stage granted attackers kernel-level access, prompting the device to establish a covert connection back to NSO infrastructure for downloading the full Pegasus payload—a modular implant that installed a persistent backdoor. The backdoor facilitated ongoing data exfiltration, command reception, and surveillance capabilities while minimizing detectable traces on the device. Integration of FORCEDENTRY into operations occurred around early 2021, with evidence of active use by February of that year, aligning with NSO's practice of customizing zero-click chains for high-value targets under government contracts that specified priorities. This method relied on precise targeting of Apple IDs or phone numbers, leveraging iMessage's for initial delivery while exploiting unpatched flaws for entry.

Capabilities Enabled

Once deployed through the FORCEDENTRY exploit, Pegasus spyware provides operators with comprehensive remote access to the infected iOS device's data and peripherals, operating without further user interaction or visible indicators. It extracts contacts, SMS/iMessage content, call history, photos, and geolocation data stored on the device. The further enables activation of the for audio recording and the camera for visual , capturing live feeds or stored as directed by remote commands. Forensic examinations by have identified traces of such harvested multimedia in device caches and databases on compromised iPhones. To ensure operational longevity, employs persistence mechanisms that survive device reboots in some variants, while disguising its processes as native services like roleaccountd or msgacntd to evade detection by antivirus tools or system monitoring. It systematically deletes or obfuscates logs in files such as DataUsage., though incomplete erasures—such as "CASCADEFAIL" artifacts—have been detectable in backups analyzed by researchers. Exfiltrated data is relayed to NSO Group's command-and-control infrastructure via the Pegasus Anonymizing Transmission Network (PATN), utilizing encrypted channels over cloud services like and high-numbered ports for obfuscation. Real-world forensics from infected devices of activists have uncovered specific payloads, including iMessage attachment chunks and email address lookups (e.g., handles), confirming systematic data siphoning post-infection.

Known Uses and Targets

Documented Infections

The FORCEDENTRY exploit was first documented through forensic analysis of an belonging to an activist, with the infection occurring prior to March 2021. Analysis of an backup from the device revealed 27 identical 748-byte (PSD) files and four Portable Document Format (PDF) files, disguised as GIF attachments in , containing JBIG2-encoded streams that exploited the vulnerability (CVE-2021-30860). These files triggered repeated crashes in the IMTranscoderAgent process, alongside forensic artifacts such as the CASCADEFAIL indicator and a suspicious process named "setframed," both attributable to NSO Group's deployment infrastructure. Evidence from the device's Library/SMS/Attachments directory and crash logs confirmed zero-click infection via , with the exploit active against the target since at least February 2021. Cross-verification relied on system logs documenting the attachment processing chain and memory corruption patterns consistent with JBIG2 decoder flaws, without requiring user interaction or network traffic captures beyond the initial delivery. Confirmed instances of FORCEDENTRY infections remain sparse in public records, centered on this single high-profile case amid broader operations. Unlike more pervasive campaigns involving click-based or lures, no verified evidence indicates mass deployment of FORCEDENTRY, consistent with its sophistication as a zero-day chain targeting select versions ( 14.6 and earlier). Apple patched the core vulnerability on September 13, 2021, limiting subsequent detections to retrospective forensics.

Victim Profiles

Targets of the FORCEDENTRY exploit, as deployed via NSO Group's Pegasus spyware, have primarily included individuals affiliated with activism and human rights advocacy, though NSO maintains that its technology is licensed exclusively to governments for surveilling terrorists and serious criminals. A key documented case involved a Saudi women's rights activist whose iPhone was infected in July 2021, during which Citizen Lab researchers identified the zero-click FORCEDENTRY chain bypassing iMessage protections. This profile aligns with broader patterns of Pegasus targeting dissidents in authoritarian regimes, where state clients exercise discretion over selections post-sale, often extending beyond NSO's stated vetting criteria. NSO Group asserts that Pegasus has facilitated the prevention of numerous terrorist attacks and disruptions of criminal networks, including pedophilia rings and drug trafficking, with internal processes purportedly ensuring targets pose genuine threats. However, independent verifications of such successes remain sparse, as client governments rarely disclose operational details, and NSO has not publicly released audited data on foiled plots. In contrast, forensic analyses and leaked client lists reveal frequent selection of non-criminal figures, such as journalists and opposition politicians, suggesting misuse by licensees like and the . For instance, Saudi clients targeted associates of murdered journalist , including his wife Hanan Elatr, whose device showed Pegasus remnants. The Pegasus Project, drawing from a leaked database of approximately 50,000 phone numbers selected by NSO clients between 2016 and 2021, documented over 180 journalists, alongside defenders and political leaders, as potential across more than 45 countries. Regional concentrations highlight Middle Eastern states: UAE-linked selections included hundreds of UK-based numbers, often tied to expatriate critics, while authorities focused on investigative reporters probing . These cases underscore a disconnect between NSO's anti-terrorism and documented applications against , with governments retaining ultimate control over targeting after acquiring the tool.

Corporate and Legal Responses

Apple's Patch and Lawsuit

In September 2021, Apple released emergency security updates, including 14.8 and 14.8, to address the vulnerability, tracked as CVE-2021-30860, which involved an in the CoreGraphics component exploited through malicious PDF files embedded in attachments. This patch mitigated the zero-click exploit chain that allowed remote code execution without user interaction, following disclosure by researchers at . Concurrently, Apple expanded its state-sponsored attacker notifications, alerting users believed to be at risk from mercenary campaigns, including those leveraging ForcedEntry, as part of enhanced user protections introduced amid Pegasus-related revelations. On November 23, 2021, Apple initiated federal litigation against NSO Group Technologies Limited and its parent Q Cyber Technologies Limited in the U.S. District Court for the Northern District of California, alleging violations of the Computer Fraud and Abuse Act (CFAA), breach of contract via circumvention of Apple's security measures, and unauthorized access to Apple devices and services through exploits like ForcedEntry integrated into Pegasus spyware. The complaint detailed NSO's targeting of Apple users, including empirical evidence of Pegasus deployments that breached iOS protections, and sought injunctive relief to bar NSO from further use of Apple products. On January 23, 2024, U.S. District Judge denied NSO's motion to dismiss the suit in its entirety, rejecting arguments on venue, standing, and grounds while affirming Apple's claims of NSO's direct involvement in unlawful intrusions, supported by forensic data from infected devices. However, on September 13, 2024, Apple filed a motion for without prejudice, citing heightened risks that ongoing discovery could compel disclosure of proprietary threat intelligence and undisclosed details, potentially aiding adversaries in circumventing future patches. The court granted the dismissal on October 14, 2024, while denying NSO's counter-request for fees.

NSO Group's Position and Defenses

NSO Group maintains that its Pegasus spyware, which incorporates exploits like FORCEDENTRY, is exclusively licensed to vetted governments for combating terrorism, serious crime, and threats to national security, asserting that the technology aids in preventing attacks, locating kidnapped individuals, and disrupting trafficking networks. The company emphasizes that it exercises no control over target selection or operational deployment, with clients—law enforcement and intelligence agencies—solely responsible for identifying and authorizing surveillance targets in accordance with their national laws. NSO further claims rigorous pre-sale vetting of customers based on human rights records and ongoing monitoring, stating that it does not access client data or manage systems post-deployment. In response to legal actions, including Apple's November lawsuit alleging unauthorized access via Pegasus exploits, NSO has invoked defenses rooted in its role as a supplier to sovereign entities, arguing that suits interfere with state security operations and lack jurisdiction due to foreign principles. The firm contended in related litigation, such as the case, that it acts as an agent of foreign governments, thereby qualifying for immunity under the , though U.S. courts, including the Ninth Circuit in November and the via denial of in January 2023, rejected this argument, affirming NSO's status as a private corporation not entitled to such protection. NSO has also highlighted compliance with U.S. export regulations prior to its November blacklisting by the of , which cited the firm's enabling of malign activities contrary to U.S. , while portraying corporate lawsuits as attempts to undermine legitimate tools rather than address genuine misuse. To counter accusations of enabling abuses, NSO asserts a policy of investigating credible misuse allegations and terminating access for non-compliant clients, citing instances such as the immediate shutdown of systems linked to Ugandan operations in following U.S. official concerns, and broader claims of approximately 10 customers based on verified violations as revealed in unsealed documents. However, the company provides limited public details on or specific termination outcomes, maintaining that full could compromise ongoing investigations or client relationships, a stance that has drawn scrutiny amid reports of repeated misuse by authorized governments.

Broader Implications and Debates

Security Vulnerabilities and Fixes

The FORCEDENTRY exploit demonstrated a critical weakness in Apple's iMessage protocol, where specially crafted attachments, such as malicious GIF files embedded with PDF data, could trigger memory corruption in the ImageIO framework's PDF parsing component without user interaction. This zero-click attack bypassed iOS 14's BlastDoor mitigations, which were designed to sandbox and limit message processing to prevent such escalations, by exploiting an out-of-bounds heap write (CVE-2021-30860) and a related use-after-free vulnerability (CVE-2021-30858) during just-in-time (JIT) JavaScript execution in CoreGraphics. Apple addressed these flaws on September 13, 2021, via emergency updates including 14.8, iPadOS 14.8, 7.6.2, and macOS Big Sur 11.6, which patched the specific memory handling errors in the affected libraries to prevent . Subsequent hardening measures enhanced isolation for media attachments and refined BlastDoor's filtering of malformed inputs, reducing the exploit surface in rich media protocols across iOS, macOS, and ecosystems. Analysis of the exploit chain reveals inherent trade-offs in iMessage's design: support for dynamic previews of attachments like animated images necessitates deep parsing of potentially adversarial inputs, creating opportunities for buffer overflows absent stricter validation, even with prior mitigations. No public evidence indicates mass exploitation beyond surgically targeted operations against high-value individuals, limiting systemic compromise but underscoring persistent risks in cross-platform media .

Privacy Concerns vs. State Security Needs

Privacy advocates contend that spyware exploiting vulnerabilities like ForcedEntry, as deployed in Pegasus, facilitates mass surveillance that undermines civil liberties and democratic institutions by enabling governments to target non-combatants such as journalists and opposition figures. The 2021 Pegasus Project investigation, drawing from a leaked database of over 50,000 phone numbers selected by NSO clients, documented selections including more than 180 journalists from outlets like the Financial Times and CNN, as well as human rights activists and political dissidents; forensic analyses by Amnesty International's Security Lab confirmed Pegasus infections on devices of at least 23 individuals across multiple countries, with attempts on others. Specific cases include targeting associates of murdered Saudi journalist Jamal Khashoggi by the Saudi government post-2018, and infections of Thai pro-democracy campaigners and Jordanian human rights defenders, raising empirical evidence of abuse beyond stated anti-terrorism purposes. In response, NSO Group asserts that Pegasus is licensed exclusively to vetted governments for preventing terrorism and investigating serious crimes, with contractual safeguards requiring use solely against criminals and terrorists. Verifiable outcomes include its role in the 2016 arrest of Mexican drug lord Joaquín "El Chapo" Guzmán, where Mexican authorities used Pegasus to track his communications and associates, facilitating his capture after prior escapes. NSO has also credited the tool with thwarting unspecified terrorist attacks and disrupting criminal networks like pedophilia and drug rings, arguing that such capabilities have saved lives by enabling proactive intelligence gathering in asymmetric threats where traditional methods fall short. The tension lies in balancing these security imperatives against documented overreach, with critics from organizations like warning of a "" on free expression, while proponents emphasize states' inherent right to deploy advanced tools for self-preservation amid rising global —evidenced by NSO's claim of aiding thousands of arrests worldwide. Debates center on enhancing vendor oversight and export controls without imposing regulations that could deter development of lawful technologies, as excessive restrictions might cede advantages to non-state actors or authoritarian regimes unburdened by democratic constraints; coverage, often aligned with groups, tends to foreground misuse cases while giving less weight to verified preventive successes, potentially skewing public perception toward underappreciating the causal trade-offs in .

References

  1. [1]
    FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured ...
    Sep 13, 2021 · While analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware, we discovered a zero-day zero-click exploit against ...
  2. [2]
    A deep dive into an NSO zero-click iMessage exploit: Remote Code ...
    Dec 15, 2021 · We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple's Security Engineering and Architecture (SEAR) ...
  3. [3]
    Analyzing Pegasus Spyware's Zero-Click iPhone Exploit ForcedEntry
    Sep 15, 2021 · This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.
  4. [4]
    Forensic Methodology Report: How to catch NSO Group's Pegasus
    Jul 18, 2021 · NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”.Missing: FORCEDENTRY | Show results with:FORCEDENTRY
  5. [5]
    https://nvd.nist.gov/vuln/detail/CVE-2021-30860
  6. [6]
    https://support.apple.com/en-us/HT212807
  7. [7]
    FORCEDENTRY: Sandbox Escape - Google Project Zero
    Mar 31, 2022 · We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple's Security Engineering and Architecture (SEAR) ...
  8. [8]
    Enough is enough! - NSO Group
    NSO will continue its mission of saving lives, helping governments around the world prevent terror attacks, break up pedophilia, sex, and drug-trafficking ...<|separator|>
  9. [9]
    UAE agency put Pegasus spyware on the phone of Hanan Elatr ...
    Dec 21, 2021 · The new analysis challenges NSO claims that the murdered journalist's wife, Hanan Elatr, 'was not a target'<|control11|><|separator|>
  10. [10]
    About the Pegasus Project - Forbidden Stories
    Jul 18, 2021 · A leak of 50000 numbers surveilled by NSO Group clients reveals systematic abuse. Forbidden Stories and Amnesty accessed numbers selected ...
  11. [11]
    UAE linked to listing of hundreds of UK phones in Pegasus project ...
    Jul 21, 2021 · The principal government responsible for selecting the UK numbers appears to be the United Arab Emirates, according to analysis of the data.
  12. [12]
    Pegasus: Who are the alleged victims of spyware targeting? - BBC
    Jul 22, 2021 · Jamal Khashoggi's wife and the editor of the Financial Times are among those said to be targeted.Missing: FORCEDENTRY | Show results with:FORCEDENTRY
  13. [13]
    About the security content of iOS 14.8 and iPadOS 14.8
    Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab. CoreServices. Available for: Available for ...Missing: ForcedEntry | Show results with:ForcedEntry
  14. [14]
    Apple sues NSO Group to curb the abuse of state-sponsored spyware
    Nov 23, 2021 · Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users.
  15. [15]
    [PDF] 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 ... - Apple
    Nov 23, 2021 · APPLE INC.,. Plaintiff, v. NSO GROUP TECHNOLOGIES LIMITED, and Q CYBER TECHNOLOGIES LIMITED,. Defendants. Case No. COMPLAINT. DEMAND ...
  16. [16]
    Apple Sues Israeli Spyware Maker NSO Group - The New York Times
    Dec 6, 2021 · Apple accused NSO Group, the Israeli surveillance company, of “flagrant” violations of its software, as well as federal and state laws.
  17. [17]
    Apple Inc. v. NSO Group Technologies Limited, 3:21-cv-09078
    Brought to you by Free Law Project, a non-profit dedicated to ...
  18. [18]
    Federal judge rejects NSO's effort to dismiss Apple's Pegasus lawsuit
    A federal judge has denied a motion from spyware maker NSO Group to dismiss an Apple lawsuit alleging the company's powerful Pegasus tool has violated computer ...
  19. [19]
    Apple Drops Spyware Case Against NSO Group, Citing Risk of ...
    Sep 16, 2024 · Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape.
  20. [20]
    Apple Suddenly Drops NSO Group Spyware Lawsuit - SecurityWeek
    Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability ...
  21. [21]
    Judge Grants Apple's Dismissal Motion In Suit Against Israeli Tech ...
    Further, the judge denied NSO's request for fees and costs, noting NSO's failure to “document any particular fees or costs in question.” Granting the requests ...
  22. [22]
    NSO Group and governments respond to the Pegasus project
    NSO's response to the Pegasus project. NSO Group firmly denies false claims made in your report, many of which are uncorroborated theories that raise serious ...
  23. [23]
    Apple sues Israeli spyware firm NSO Group - BBC
    Nov 24, 2021 · NSO Group says it only supplies Pegasus to military, law enforcement and intelligence agencies from countries with good human-rights records.<|separator|>
  24. [24]
    [PDF] WhatsApp v. NSO Group - Ninth Circuit Court of Appeals
    Nov 8, 2021 · The panel affirmed the district court's order denying a private Israeli corporation's motion to dismiss, based on foreign sovereign immunity, an ...
  25. [25]
    Supreme Court dismisses spyware company NSO Group's claim of ...
    Jan 8, 2023 · The Supreme Court dismissed on Monday an attempt by the Israeli spyware vendor NSO Group to claim immunity from legal challenges.
  26. [26]
    U.S. Blacklists Israeli Firm NSO Group Over Spyware
    Nov 3, 2021 · The Biden administration on Wednesday blacklisted the NSO Group, saying the company knowingly supplied spyware that has been used by foreign governments.
  27. [27]
    Following today's media reports, NSO Group wishes to clarify the ...
    We have committed before that once there is a suspicion that a customer misuses the technology sold by NSO, the company will investigate and will terminate the ...
  28. [28]
    Privatized espionage: NSO Group Technologies and its Pegasus ...
    Dec 1, 2022 · In response, NSO claimed it had enacted an even stricter customer vetting process and cut off Saudi Arabia and the UAE from using their software ...
  29. [29]
    Revealed: leak uncovers global abuse of cyber-surveillance weapon
    Jul 18, 2021 · Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests.
  30. [30]
    Pegasus Spyware Used against Thailand's Pro-Democracy Movement
    Jul 17, 2022 · Uncovering an extensive espionage operation infecting dozens of Thai pro-democracy campaigners with NSO Group's Pegasus spyware.Missing: bypass | Show results with:bypass
  31. [31]
    NSO hacked new Pegasus victims weeks after Apple sought injunction
    Apr 5, 2022 · Jordanian journalists, lawyers and human rights defenders were targeted in the latest wave of phone hacking.
  32. [32]
    NSO GROUP - Cyber intelligence for global security and stability
    prevent and investigate terrorism and crime to save thousands of lives around the globe. GLOBAL THREATS. TERRORISTS AND CRIMINALS ... HELPING GOVERNMENTS
  33. [33]
    CEO of Israeli spyware-maker NSO on fighting terror, Khashoggi ...
    May 14, 2019 · It's been reported that Mexican authorities used Pegasus to capture drug-lord Joaquin Guzman, better known as El Chapo, by tapping the ...Missing: verification | Show results with:verification
  34. [34]
    F.B.I. Secretly Bought Israeli Spyware and Explored Hacking U.S. ...
    Jan 28, 2022 · After NSO began selling Pegasus globally in 2011, Mexican authorities used it to capture Joaquín Guzmán Loera, the drug lord known as El Chapo.Missing: verification | Show results with:verification
  35. [35]
    How Israel's Pegasus Spyware Stoked the Surveillance Debate
    Mar 8, 2022 · For instance, the Mexican government reportedly used Pegasus to help capture the infamous drug lord Joaquin “El Chapo” Guzman in 2016. But ...Missing: verification | Show results with:verification