We urge readers to immediately update all Apple devices.

Devices affected by CVE-2021-30860 per Apple:
All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.

Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.” We believe that FORCEDENTRY has been in use since at least February 2021. We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices. While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage.

These capabilities can fetch millions of dollars on the underground market for hacking tools. But NSO Group’s zero-click capability gives the victim no such prompt, and enables full access to a person’s digital life. In the past, victims only learned their devices were infected by spyware after receiving a suspicious link texted to their phone or email.

Apple issues emergency security updates to close a spyware flaw

The software updates fix a critical vulnerability in its products after security researchers uncovered a flaw that allows.

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.
Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record their messages, texts, emails, calls - even those sent via encrypted messaging and phone apps like Signal - and send it back to NSO’s clients at governments around the world. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping them off. The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim’s knowledge for as long as six months. Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click.

Apple issues emergency security updates to close spyware flaw (NCD) Septemat 7:48 am EDT.

This is the Holy Grail of surveillance capabilities and you are vulnerable until you update. New zero-click NSO Group #Pegasus spyware has been infecting iPhones, Macs, Watches.

The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.

Nicole NEWS: Do you own an Apple product? UPDATE IT NOW.

Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. NSO Group has been blacklisted by the U.S.
Updates are necessary to keep your device safe from hackers who might run malicious code on your device.

Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.

To update your Apple device to the latest operating system that includes the security patches on your phone go to “Settings,” click “General” and click “Software Update.” On the Mac, go to “System Preferences,” then “Software Update.”

WHY IS UPDATING YOUR APPLE DEVICE SO URGENT?

HOW DO I UPDATE MY DEVICE?