<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="zh">
	<id>https://arolstar52-zhtest.hf.space/index.php?action=history&amp;feed=atom&amp;title=FORCEDENTRY</id>
	<title>FORCEDENTRY - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://arolstar52-zhtest.hf.space/index.php?action=history&amp;feed=atom&amp;title=FORCEDENTRY"/>
	<link rel="alternate" type="text/html" href="https://arolstar52-zhtest.hf.space/index.php?title=FORCEDENTRY&amp;action=history"/>
	<updated>2026-07-02T22:55:48Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.43.8</generator>
	<entry>
		<id>https://arolstar52-zhtest.hf.space/index.php?title=FORCEDENTRY&amp;diff=4605026&amp;oldid=prev</id>
		<title>imported&gt;暁月凛奈: Cleaned up disambiguation links using DisamAssist: Project Zero (linked to Project Zero (Google)).</title>
		<link rel="alternate" type="text/html" href="https://arolstar52-zhtest.hf.space/index.php?title=FORCEDENTRY&amp;diff=4605026&amp;oldid=prev"/>
		<updated>2025-03-28T09:52:23Z</updated>

		<summary type="html">&lt;p&gt;使用&lt;a href=&quot;/index.php?title=User:%E6%9A%81%E6%9C%88%E5%87%9B%E5%A5%88/DisamAssist&amp;amp;action=edit&amp;amp;redlink=1&quot; class=&quot;new&quot; title=&quot;User:暁月凛奈/DisamAssist（页面不存在）&quot;&gt;DisamAssist&lt;/a&gt;清理&lt;a href=&quot;https://en.wikipedia.org/wiki/%E6%B6%88%E6%AD%A7%E4%B9%89&quot; class=&quot;extiw&quot; title=&quot;wikipedia:消歧义&quot;&gt;消歧义&lt;/a&gt;链接：&lt;a href=&quot;/wiki/Project_Zero&quot; title=&quot;Project Zero&quot;&gt;Project Zero&lt;/a&gt;（链接至&lt;a href=&quot;/wiki/Project_Zero_(Google)&quot; title=&quot;Project Zero (Google)&quot;&gt;Project Zero (Google)&lt;/a&gt;）。&lt;/p&gt;
&lt;p&gt;&lt;b&gt;新页面&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{NoteTA|G1=IT}}&lt;br /&gt;
{{Infobox bug&lt;br /&gt;
| name = FORCEDENTRY&lt;br /&gt;
| image =&lt;br /&gt;
| image_size =&lt;br /&gt;
| alt =&lt;br /&gt;
| caption =&lt;br /&gt;
| screenshot =&lt;br /&gt;
| screenshot_size =&lt;br /&gt;
| screenshot_alt =&lt;br /&gt;
| screenshot_caption =&lt;br /&gt;
| CVE = {{Plainlist|&lt;br /&gt;
* {{CVE|2021-30860}}&lt;br /&gt;
* {{CVE|2021-30858}}&lt;br /&gt;
}}&lt;br /&gt;
| discovered =&lt;br /&gt;
| patched = September 2021&amp;lt;ref name=&amp;quot;the-guardian-vuln&amp;quot; /&amp;gt;&lt;br /&gt;
| discoverer = Bill Marczak of [[公民实验室|Citizen Lab]]&amp;lt;ref name=&amp;quot;the-guardian-vuln&amp;quot; /&amp;gt;&lt;br /&gt;
| affected hardware =&lt;br /&gt;
| affected software = {{Plainlist|&lt;br /&gt;
* [[Quartz|Apple CoreGraphics]] (Quartz)&lt;br /&gt;
* [[iOS]] (versions before v14.8)&lt;br /&gt;
* [[macOS]] (macOS versions before Big Sur 11.6 and Catalina Security Update 2021-005)&lt;br /&gt;
* [[watchOS]] (versions before v7.6.2)&lt;br /&gt;
}}&lt;br /&gt;
| used by =&lt;br /&gt;
| website =&lt;br /&gt;
}}&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;FORCEDENTRY&amp;#039;&amp;#039;&amp;#039;, also written &amp;#039;&amp;#039;&amp;#039;ForcedEntry&amp;#039;&amp;#039;&amp;#039; (meaning “forced entry”), is a [[安全漏洞|security exploit]] allegedly developed by [[NSO集团|NSO Group]] to deploy its [[飞马 (间谍软件)|Pegasus spyware]].&amp;lt;ref name=bleepingcomputer/&amp;gt;&amp;lt;ref&amp;gt;{{Cite web|title=Apple patches ForcedEntry vulnerability used by spyware firm NSO|url=https://www.computerweekly.com/news/252506645/Apple-patches-ForcedEntry-vulnerability-used-by-spyware-firm-NSO|access-date=2021-09-14|website=ComputerWeekly.com|language=en}}&amp;lt;/ref&amp;gt; It enables exploitation of the “[[零点击攻击|zero-click]]” vulnerability that is widespread in [[iOS 13]] and earlier, and it also defeats the “BlastDoor” safeguard that [[苹果公司|Apple]] built into [[iOS 14]] and later. In September 2021, Apple released new operating system versions for multiple device families that include a fix for the vulnerability.&amp;lt;ref name=&amp;quot;the-guardian-vuln&amp;quot;&amp;gt;{{Cite web|date=2021-09-13|title=Israeli spyware firm targeted Apple devices via iMessage, researchers say|url=https://www.theguardian.com/technology/2021/sep/13/nso-group-iphones-apple-devices-hack-patch|access-date=2021-09-13|website=the Guardian|language=en}}&amp;lt;/ref&amp;gt;&amp;lt;ref&amp;gt;{{Cite web|date=2021-09-14|title=Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!|url=https://nakedsecurity.sophos.com/2021/09/14/apple-products-vulnerable-to-forcedentry-zero-day-attack-patch-now/|access-date=2021-09-14|website=Naked Security|language=en-US}}&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Exploit==&lt;br /&gt;
{{see_also|漏洞利用}}&lt;br /&gt;
The exploit was discovered by [[公民实验室|Citizen Lab]],&amp;lt;ref name=bleepingcomputer&amp;gt;{{Cite web|title=Apple fixes iOS zero-day used to deploy NSO iPhone spyware|url=https://www.bleepingcomputer.com/news/apple/apple-fixes-ios-zero-day-used-to-deploy-nso-iphone-spyware/|access-date=2021-09-14|website=BleepingComputer|language=en-us}}&amp;lt;/ref&amp;gt; which stated in its report that the exploit had been used to target political dissidents and human rights activists.&amp;lt;ref&amp;gt;{{cite journal|url=https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/|title=Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits|accessdate=24 August 2021|website=Citizenlab|date=24 August 2021|last1=Marczak |first1=Bill |last2=Abdulemam |first2=Ali |last3=Al-Jizawi |first3=Noura |last4=Anstis |first4=Siena |last5=Berdan |first5=Kristin |last6=Scott-Railton |first6=John |last7=Deibert |first7=Ron }}&amp;lt;/ref&amp;gt; FORCEDENTRY appears to be the same as the attack previously detected by [[国际特赦组织|Amnesty International]] and named “Megalodon”.&amp;lt;ref&amp;gt;{{Cite web|title=Bahrain targets activists with NSO&amp;#039;s Pegasus spyware|url=https://www.itpro.co.uk/security/spyware/360682/bahrain-targets-activists-with-nsos-pegasus-spyware|access-date=2021-09-15|website=IT PRO|date=24 August 2021 |language=en}}&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The exploit uses [[PDF]] files disguised as [[GIF]] files to inject {{Link-en|JBIG2|JBIG2}}-encoded data into Apple&amp;#039;s [[CoreGraphics]] system and trigger an [[整数溢出|integer overflow]],&amp;lt;ref&amp;gt;{{Cite web|last=Claburn|first=Thomas|title=Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware|url=https://www.theregister.com/2021/09/13/apple_ios_macos_security_fixes/|access-date=2021-09-15|website=www.theregister.com|language=en}}&amp;lt;/ref&amp;gt;&amp;lt;ref name=Apple&amp;gt;{{Cite web|title=About the security content of macOS Big Sur 11.6|url=https://support.apple.com/en-us/HT212804|access-date=2021-09-14|website=Apple Support|language=en}}&amp;lt;/ref&amp;gt; bypassing the “BlastDoor” [[沙盒 (計算機安全)|sandbox]] that Apple set up for message content. BlastDoor was introduced as part of iOS 14 to defend against another zero-click exploit, [[KISMET]].&amp;lt;ref name=bleepingcomputer/&amp;gt;&amp;lt;ref name=citizenlab-2021-09-13&amp;gt;{{Cite journal|date=2021-09-13|title=FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild|url=https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/|access-date=2021-09-13|website=The Citizen Lab|language=en-US|last1=Marczak |first1=Bill |last2=Scott-Railton |first2=John |last3=Razzak |first3=Bahr Abdul |last4=Al-Jizawi |first4=Noura |last5=Anstis |first5=Siena |last6=Berdan |first6=Kristin |last7=Deibert |first7=Ron }}&amp;lt;/ref&amp;gt;&amp;lt;ref&amp;gt;{{Cite web|title=New iOS Zero-Click Exploit Defeats Apple &amp;#039;BlastDoor&amp;#039; Sandbox|url=https://www.securityweek.com/new-ios-zero-click-exploit-defeats-apple-blastdoor-sandbox|access-date=2021-09-14|website=www.securityweek.com|date=24 August 2021 }}&amp;lt;/ref&amp;gt; The FORCEDENTRY exploit has been assigned the [[通用漏洞披露|CVE]] identifier CVE-2021-30860.&amp;lt;ref name=Apple/&amp;gt; In December 2021, Google&amp;#039;s [[Project Zero (Google)|Project Zero]] team published a technical analysis of the exploit based on its collaboration with Apple&amp;#039;s [[安全工程与架构|Security Engineering and Architecture]] (SEAR) group.&amp;lt;ref name=projectzero&amp;gt;{{Cite web|last1=Beer|first1=Ian|last2=Groß|first2=Samuel|date=2021-12-15|title=Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution|url=https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html|access-date=2021-12-16|website=[[Google Project Zero]]}}&amp;lt;/ref&amp;gt;&amp;lt;ref&amp;gt;{{Cite web|url=https://uk.pcmag.com/security/137712/google-project-zero-goes-deep-on-forcedentry-exploit-used-by-nso-group|title = Google Project Zero Goes Deep on FORCEDENTRY Exploit Used by NSO Group|date = 15 December 2021}}&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The Project Zero team described the exploit as follows:&lt;br /&gt;
&amp;lt;blockquote&amp;gt;&lt;br /&gt;
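JBIG2 doesn&amp;#039;t have [[脚本语言|scripting]] capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary [[逻辑门|logic gates]] operating on arbitrary [[计算机内存|memory]]. So why not just use that to build your own [[计算机系统结构|computer architecture]] and script that!? That&amp;#039;s exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as [[处理器寄存器|registers]] and a full 64-bit [[加法器|adder]] and [[比较器|comparator]] which they use to search memory and perform arithmetic operations. It&amp;#039;s not as fast as [[JavaScript|Javascript]], but it&amp;#039;s fundamentally computationally equivalent. The bootstrapping operations for the [[沙盒 (計算機安全)|sandbox]] escape exploit are written to run on this logic circuit and the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It&amp;#039;s pretty incredible, and at the same time, pretty terrifying.&amp;lt;ref name=projectzero/&amp;gt;&lt;br /&gt;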
&amp;lt;/blockquote&amp;gt;&lt;br /&gt;
&lt;br /&gt;
According to Citizen Lab, the FORCEDENTRY vulnerability exists in [[iOS]] versions before 14.8, [[macOS]] versions before [[macOS Big Sur|Big Sur]] 11.6 and [[MacOS Catalina|Catalina]] Security Update 2021-005, and [[watchOS]] versions before 7.6.2.&amp;lt;ref name=citizenlab-2021-09-13/&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Apple lawsuit ==&lt;br /&gt;
In November 2021, Apple Inc. filed a lawsuit over FORCEDENTRY against NSO Group and its parent company [[Q Cyber Technologies]] in the [[美国加利福尼亚北区联邦地区法院|United States District Court for the Northern District of California]], requesting injunctive relief, compensatory damages, punitive damages, and {{Link-en|归还非法所得|Disgorgement|disgorgement}} of profits&amp;lt;ref&amp;gt;{{Cite web|last=Kirchgaessner|first=Stephanie|date=2021-11-23|title=Apple sues Israeli spyware firm NSO Group for surveillance of users|url=https://www.theguardian.com/technology/2021/nov/23/apple-sues-israeli-cyber-firm-nso-group|access-date=2021-11-23|website=the Guardian|language=en}}&amp;lt;/ref&amp;gt;&amp;lt;ref&amp;gt;{{Cite web|title=Apple sues NSO Group to curb the abuse of state-sponsored spyware|url=https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/|access-date=2021-11-23|website=Apple Newsroom|language=en-US|date=2021-11-23}}&amp;lt;/ref&amp;gt;&amp;lt;ref&amp;gt;{{Cite web|title=APPLE INC., v. NSO GROUP TECHNOLOGIES LIMITED, and Q CYBER TECHNOLOGIES LIMITED|url=https://www.apple.com/newsroom/pdfs/Apple_v_NSO_Complaint_112321.pdf|accessdate=2021-11-23}}&amp;lt;/ref&amp;gt;, but in 2024 it asked the court to dismiss the lawsuit.&amp;lt;ref&amp;gt;{{Cite web|title=Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO|url=https://www.washingtonpost.com/technology/2024/09/13/apple-lawsuit-nso-pegasus-spyware/}}&amp;lt;/ref&amp;gt;&amp;lt;ref&amp;gt;{{Cite web|title=Israel tried to frustrate US lawsuit over Pegasus spyware, leak suggests|url=https://www.theguardian.com/news/article/2024/jul/25/israel-tried-to-frustrate-us-lawsuit-over-pegasus-spyware-leak-suggests}}&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== See also ==&lt;br /&gt;
* [[iMessage]]&lt;br /&gt;
* [[零点击攻击|Zero-click attack]]&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
{{Reflist}}&lt;br /&gt;
&lt;br /&gt;
[[Category:间谍软件]]&lt;br /&gt;
[[Category:特权提升漏洞]]&lt;br /&gt;
[[Category:MacOS恶意软件]]&lt;/div&gt;</summary>
		<author><name>imported&gt;暁月凛奈</name></author>
	</entry>
</feed>