Back to Blog
Apple security update spyware flaw macs7/19/2023 This update has no published CVE entries. IPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) "NSO Group will continue to provide intelligence and law-enforcement agencies around the world with life-saving technologies to fight terror and crime.IPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Thus far the hackers have only been seen abusing the flaw to take screenshots, but the same exploit could be abused to pilfer files, record audio over the microphone or take images via the Mac’s. If you cant find Software Update in your System Preferences, try going into the App Store and clicking on the Updates tab. In a statement to media, NSO Group had this to say. To update the software on your Mac computer, go to System Preferences, then go to Software Update and click either Update Now or Upgrade Now. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data." Independent researchers identified the flaw, which lets hackers access devices. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.Īttacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. Apple has issued a software patch to block so-called 'zero-click' spyware that could infect iPhones and iPads. "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. Comment from Apple and NSO GroupĪpple later on Monday released the following statement to media outlets, attributable to Ivan Krstić, the company's head of security engineering. 14), and it's likely that the iPhone 13 will be unveiled along with iOS 15. It's not yet clear whether either zero-day flaw patched today is involved.Īpple kicks off its annual fall extravaganza Tuesday (Sept. Soon after Apple released the patches, Reuters posted a story about the intelligence services of the United Arab Emirates hacking the iPhones of domestic political activists and foreign diplomats and politicians. As with the other flaw, Apple says that it is "aware of a report that this issue may have been actively exploited." This flaw affects iOS, iPadOS, Big Sur and Safari, but not watchOS or Catalina. It is a flaw in WebKit, the Safari rendering engine, and its discovery is credited to "an anonymous researcher."Īpple states that "processing maliciously crafted web content may lead to arbitrary code execution" - again, nasty web stuff can hack your device. Apple has released an urgent security update for Mac, iPhone, iPad and Watch users after researchers with Citizen Lab discovered a zero-day, zero-click exploit from mercenary spyware. The other vulnerability, catalogued as CVE-2021-30858, is more mysterious. 13, Apple issued emergency software updates for the iPhone, iPad, Apple Watch and Mac computers after security researchers uncovered a flaw that allows highly invasive spyware to infect. No user action is needed to trigger the exploit, leading information-security experts to call it a "zero-click exploit." Apple has released an urgent security update for Mac, iPhone, iPad and Watch users after researchers with Citizen Lab discovered a zero-day, zero-click exploit from mercenary spyware company NSO. The exploit permits takeover of an iPhone if the user receives a message in iMessage. Today, Citizen Lab disclosed that the same exploit was used on an iPhone belonging to a Saudi political activist. Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs. The researchers called the exploit of the vulnerability "FORCEDENTRY" and said it was used by the Pegasus spyware, commercial spyware developed and distributed by Israel-based NSO Group. According to the advisory, the bug can be exploited to compromise vulnerable iPhones, iPads and Macs by processing maliciously crafted web content. This flaw was discovered last month by Citizen Lab researchers at the University of Toronto who had examined the iPhones of nine Bahraini dissidents.
0 Comments
Read More
Leave a Reply. |