While “zero click” malware can affect a number of platforms, the term may be most recently associated with the FORCEDENTRY attack of early fall 2021, which leveraged Apple’s image rendering libraries associated with their iMessage platform. The term “zero click” implies that the exploit can be carried out on the device without any interaction from the user, similar to the StageFright attack associated with the Android messaging platform in 2015.

This particular attack vector was used to infect vulnerable Apple devices with the Pegasus spyware, a platform-agnostic, spy-like utility originally detected in 2016 thanks to a fast-acting, high-profile government official who was targeted.

Citizen Lab, which investigated the latest attack vector, noted the presence of multiple Adobe files with the .gif file extension, which caused system-related crashes.

Apple immediately responded with a firmware update to patch the affected operating system versions, and many vendors responded with solutions for detecting vulnerable and breached devices. [3][4]
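The file-type mismatch Citizen Lab noted (Adobe content behind a .gif extension) lends itself to a simple triage check. The following is an added example, not code from the original page, Citizen Lab, or the tools referenced: it walks an extracted attachment folder and reports `.gif` files whose leading bytes are not a GIF signature. The function names, the constructed sample files, and the choice of PSD and PDF as the Adobe signatures to recognise are assumptions.

```python
from pathlib import Path
import tempfile

# Leading magic bytes for the declared type and for two Adobe formats (assumed set).
GIF_MAGICS = (b"GIF87a", b"GIF89a")
ADOBE_MAGICS = {b"8BPS": "Adobe Photoshop (PSD)", b"%PDF-": "Adobe PDF"}

def classify_header(header: bytes) -> str:
    """Name the format implied by a file's first bytes."""
    if header.startswith(GIF_MAGICS):
        return "GIF"
    for magic, name in ADOBE_MAGICS.items():
        if header.startswith(magic):
            return name
    return "unknown"

def find_mismatched_gifs(root):
    """Return sorted (relative path, detected type) for *.gif files that are not GIF."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".gif":
            continue
        with path.open("rb") as fh:
            detected = classify_header(fh.read(8))
        if detected != "GIF":  # includes empty/truncated files ("unknown")
            findings.append((path.relative_to(root).as_posix(), detected))
    return sorted(findings)

def build_sample_tree(root):
    """Write constructed sample files (header bytes only, no real payloads)."""
    samples = {
        "Attachments/a1/photo.gif": b"GIF89a\x01\x00\x01\x00",
        "Attachments/b2/anim.gif": b"8BPS\x00\x01" + b"\x00" * 6,
        "Attachments/c3/doc.GIF": b"%PDF-1.4\n",
        "Attachments/d4/empty.gif": b"",
        "Attachments/e5/notes.pdf": b"%PDF-1.7\n",
    }
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, detected in find_mismatched_gifs(tmp):
            print(f"{rel}: .gif extension, content looks like {detected}")
```

A mismatch is a lead for further review, not proof of compromise; files flagged this way still need to be examined in context.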

References:

[1] https://for585.com/forcededntry

[2] https://www.sans.org/webcasts/what-you-need-to-know-about-cve-2021-30860-aka-forcedentry/

[3] https://github.com/mvt-project/mvt

[4] https://for585.com/imazingpegasus