The zero click defect has been exploited by the NSO since at least February 2021. The "Zero Click, Zero Day" vulnerability has been actively exploited by Pegasus, a spyware developed by the Israeli company NSO Group.
This vulnerability, known as CVE-2021-30860, requires little interaction from the iPhone user in order to exploit it - hence its name "FORCEDENTRY".
Saudi Activist Discovered on iPhone
READ MORE Activist phones targeted by one of the world's most advanced spyware. In March, researchers at The Citizen Lab decided to analyze the iPhone of an unidentified Saudi activist targeted by NSO Group's Pegasus spyware. They received an iTunes backup of the device, and a dump scan showed 27 copies of the obscure GIF in different locations - except that the files weren't images.
These were Adobe Photoshop PSD files saved with a ".gif" extension. The researchers discovered that the files were being sent "right before the phone was hacked" using the Pegasus spyware.
"Despite the extension, the file was actually a 748-byte Adobe PSD file. Copying this file caused IMTranscoderAgent to crash on the device." GIF files were part of the same series of tools. There were many other fake GIFs on the device. They are considered malicious Adobe PDF files with longer file names.
“Citizen Lab discloses vulnerabilities and code to Apple, which has identified the FORCEDENTRY CVE-2021-30860 vulnerability and “malicious processing” malicious PDF files may lead to arbitrary code execution.” Devices equipped with Pegasus Spyware.
Apple offers several security tips
Yesterday, Apple released several security updates to fix CVE-2021-30860 on macOS devices. Apple WatchOS and iOS released the vulnerability could be exploited by "manipulating a malicious PDF" and enabling the attacker's code to run. iPhone and iPad users must install the latest version of the operating system, iOS 14.8 and iPadOS 14.8, to fix this. Mac users must upgrade to Catalina 2021-005 or macOS Big Sur 11.6. Apple Watch users must have watchOS 7.6.2 all versions before the stable versions become vulnerable. p>
CVE-2021-30858 revision also reported a post-use vulnerability patched with an update released in Safari 14.1.2.
“We all have very sophisticated personal devices that have general consequences that vomit for humans. There are many examples of [these risks], such as application data collection — which Apple recently took control of through its Application Tracking Transparency Framework. “Every complex system has exploitable vulnerabilities, and cell phones are no exception,” Jesse Rothstein, chief technology officer and founder of ExtraHop Network Security Company, told Ars. The NSO is an example of how governments essentially buy or outsource cyber weapons. Capabilities. In my opinion, this is not the same as buying and selling guns - it's not set that way. Companies should always address their weaknesses, "but regulations help prevent some people from misusing or falling in love with these electronic weapons." p>
Apple Fixes iMessage for the Day Exploited by Pegasus Spyware
Yesterday, a fictional security researcher revealed three s...
According to a new industry survey, the shortage of semiconductor ch...
macOS Code Execution Error Apple allows remote atta...
The Linux Foundation released its 2021 Open...