Apple releases a security update to close spyware vulnerabilities
Apple has released a number of new updates to iOS, macOS, and watchOS to close a security hole. Citizen Lab security researchers said the vulnerability could be exploited to allow government agencies to install spyware on the phones of journalists, lawyers and activists.
The researchers said the vulnerability allowed a "zero-click" infection (meaning a target could be infected without taking any action) with the Pegasus spyware, which is said to be able to steal data and passwords and to use a phone's microphone or camera.
Due to the severity of the exploit, you should update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 as soon as possible.
Information about the vulnerability surfaced in August when Citizen Lab reported that it had been successfully used on phones running iOS 14.6 (released in May).
Citizen Lab also said that this vulnerability, called ForcedEntry, appears to match an exploit described by Amnesty International (AI) in July.
At the time, security researchers wrote that this was due to a flaw in Apple's CoreGraphics system that occurred when the phone attempted to use GIF-related features after receiving a text message containing a malicious file.
However, even with this information, it is difficult to determine what happened without access to the infected file itself.
According to Citizen Lab, they discovered the files while rescanning the backup of the hacked phone. These files appear to be GIFs sent as SMS attachments, but they are actually PSD and PDF files.
Apple's update notes indicate that the problem occurred while processing a malicious PDF file.
Citizen Lab suspects that this may be related to the Pegasus software, so it sent the file to Apple on September 7. The company released a software update on September 13 to fix the bug.
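The mismatch Citizen Lab describes, a .gif name on content that is really PSD or PDF, can be checked in a backup by comparing each file's leading bytes with its extension. The following is an added example, not Citizen Lab's or Apple's tooling; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes of the three formats named in the article.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "psd": (b"8BPS",),
    "pdf": (b"%PDF-",),
}

def sniff(header: bytes) -> str:
    """Return the format whose magic bytes start the header, else 'unknown'."""
    for fmt, signatures in MAGIC.items():
        if header.startswith(signatures):
            return fmt
    return "unknown"

def find_disguised_gifs(root: str) -> list[tuple[str, str]]:
    """List (relative path, real format) for *.gif files that are not GIFs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".gif"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                real = sniff(fh.read(8))  # empty or truncated files sniff as 'unknown'
            if real != "gif":
                hits.append((os.path.relpath(path, root), real))
    return sorted(hits)

def demo() -> list[tuple[str, str]]:
    # Constructed sample attachments: one real GIF header, two disguised files,
    # and one non-.gif file that must be ignored.
    samples = {
        "holiday.gif": b"GIF89a\x01\x00\x01\x00",
        "att1.gif": b"8BPS\x00\x01\x00\x00",
        "att2.gif": b"%PDF-1.4\n",
        "note.txt": b"%PDF-1.4\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_disguised_gifs(root)

if __name__ == "__main__":
    for path, real in demo():
        print(f"{path}: named .gif but content is {real}")
```

A hit only means the name and the content disagree; it is a reason to examine the file, not proof of an exploit attempt.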
Today's updates also address a second security issue, in WebKit, for iOS and macOS Big Sur. (It is not mentioned in the Catalina release notes.)
It is not clear whether this is related to the NSO exploit, but the company said it may have been actively exploited.
This pressing security issue is why a new iOS update was released hours before the company event. New phones that may not be able to run this version of the operating system are expected to arrive on the market.