Please take action to update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 on Berkeley Lab and personal Apple systems immediately.
Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. This vulnerability allows your Apple device to be compromised with no interaction from you nor any visibility indicators to you. Called FORCEDENTRY, the exploit can infect iPhone, iPad, Apple Watch, or Mac systems with the Pegasus spyware, providing access to the camera and microphone in addition to allowing access to text messages, phone calls, and emails.
"This spyware can do everything an iPhone user can do on their device and more," said Citizen Lab senior researcher John-Scott Railton. You can read more details about this issue in the Citizen Lab writeup.
On September 13, Apple released a suite of new updates for iOS, macOS, and watchOS to fix this bug.
Given the severity of the exploit, you should update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 on Berkeley Lab and personal systems you control as soon as you can.
Thank you in advance for helping to Protect Science, it’s greatly appreciated.