![]() ![]() "NSO Group will continue to provide intelligence and law-enforcement agencies around the world with life-saving technologies to fight terror and crime. In a statement to media, NSO Group had this to say. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data." Apples iOS and iPadOS 14.8 updates, as well as a MacOS update released on Monday, patch the FORCEDENTRY flaw, which may have been in use since February, the researchers said. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.Īttacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. ![]() "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. Comment from Apple and NSO GroupĪpple later on Monday released the following statement to media outlets, attributable to Ivan Krstić, the company's head of security engineering. 14), and it's likely that the iPhone 13 will be unveiled along with iOS 15. It's not yet clear whether either zero-day flaw patched today is involved.Īpple kicks off its annual fall extravaganza Tuesday (Sept. Soon after Apple released the patches, Reuters posted a story about the intelligence services of the United Arab Emirates hacking the iPhones of domestic political activists and foreign diplomats and politicians. Apple has released an urgent security update for Mac, iPhone, iPad and Watch users after researchers with Citizen Lab discovered a zero-day, zero-click exploit from mercenary spyware company NSO. As with the other flaw, Apple says that it is "aware of a report that this issue may have been actively exploited." This flaw affects iOS, iPadOS, Big Sur and Safari, but not watchOS or Catalina. It is a flaw in WebKit, the Safari rendering engine, and its discovery is credited to "an anonymous researcher."Īpple states that "processing maliciously crafted web content may lead to arbitrary code execution" - again, nasty web stuff can hack your device. The other vulnerability, catalogued as CVE-2021-30858, is more mysterious. No user action is needed to trigger the exploit, leading information-security experts to call it a "zero-click exploit." The exploit permits takeover of an iPhone if the user receives a message in iMessage. Today, Citizen Lab disclosed that the same exploit was used on an iPhone belonging to a Saudi political activist. The researchers called the exploit of the vulnerability "FORCEDENTRY" and said it was used by the Pegasus spyware, commercial spyware developed and distributed by Israel-based NSO Group. Check back for updates as more information becomes available.ĭownload the FREE Boston 25 News app for breaking news alerts.įollow Boston 25 News on Facebook and Twitter.This flaw was discovered last month by Citizen Lab researchers at the University of Toronto who had examined the iPhones of nine Bahraini dissidents. The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had being exploited. Apple has released security updates for this, and if you're up-to-date with. Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. SPYWARE AND OTHER MALWARE There are at least four known threats at the time. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. NSO Group has been blacklisted by the U.S. In all cases, it cited an anonymous researcher.Ĭommercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time. Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. ![]()
0 Comments
Leave a Reply. |