Subscribe to WIRED and stay smart with more of your favorite writers. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.” “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly,” said Apple head of security and engineering Ivan Krstić in a statement. On September 13, Apple pushed fixes for all three. They ascertained not only that ForcedEntry targeted Apple’s image-rendering library, but that it affected macOS and watchOS in addition to iOS. You might rightly wonder: If these attacks were reported a few weeks ago-and the attack has been active since at least February-why is a fix only available now? The answer, at least in part, appears to be that Apple was working with incomplete information until September 7, when Citizen Lab discovered more details of the ForcedEntry exploit on the phone of an activist from Saudi Arabia.
