Apple Fixes iMessage Zero-Day Exploited by Pegasus Spyware

The zero-click flaw has been exploited by NSO since at least February 2021. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, spyware developed by the Israeli company NSO Group.

This vulnerability, tracked as CVE-2021-30860, requires little interaction from the iPhone user to exploit, hence its name, "FORCEDENTRY".

Discovered on a Saudi Activist's iPhone

In March, researchers at The Citizen Lab decided to analyze the iPhone of an unidentified Saudi activist targeted by NSO Group's Pegasus spyware. They received an iTunes backup of the device, and analysis of the dump showed 27 copies of an obscure GIF file in different locations, except that the files weren't images.

These were Adobe Photoshop PSD files saved with a ".gif" extension. The researchers found that the files were sent to the phone "right before the phone was hacked" with the Pegasus spyware.

"Despite the extension, the file was actually a 748-byte Adobe PSD file. Copying this file caused IMTranscoderAgent to crash on the device." These fake GIF files were part of the same series of tools. There were many other fake GIFs on the device; these are considered to be malicious Adobe PDF files with longer file names.

“Citizen Lab disclosed the vulnerabilities and code to Apple, which has identified the FORCEDENTRY vulnerability as CVE-2021-30860 and states that processing malicious PDF files may lead to arbitrary code execution.”
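The mismatch described above (files named ".gif" whose content is really PSD or PDF) can be checked by comparing each file's extension with its leading magic bytes. This is an added example, not code from Citizen Lab or the original article; it assumes the backup has already been extracted to a directory tree with original file names, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")   # genuine GIF headers
PSD_MAGIC = b"8BPS"                   # Adobe Photoshop document
PDF_MAGIC = b"%PDF-"                  # PDF header

def sniff(header: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if header.startswith(GIF_MAGICS):
        return "gif"
    if header.startswith(PSD_MAGIC):
        return "psd"
    # PDF readers tolerate leading junk, so search the first 1 KiB.
    if PDF_MAGIC in header[:1024]:
        return "pdf"
    return "unknown"

def find_fake_gifs(root):
    """Return sorted (relative path, real type, size) for each *.gif that is not a GIF."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".gif"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind = sniff(fh.read(1024))
            if kind != "gif":
                hits.append((os.path.relpath(path, root), kind, os.path.getsize(path)))
    return sorted(hits)

def demo():
    """Scan constructed sample files (placeholders, not real exploit samples)."""
    samples = {
        "real.gif": b"GIF89a" + b"\x00" * 20,
        "fake_psd.gif": b"8BPS" + b"\x00" * 744,  # 748 bytes, the size quoted above
        "fake_pdf_longer_name.gif": b"%PDF-1.3\n" + b"\x00" * 50,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_fake_gifs(root)

if __name__ == "__main__":
    for rel, kind, size in demo():
        print(f"{rel}: named .gif, content is {kind} ({size} bytes)")
```

A hit from this check only means the name and content disagree; it is a triage signal for closer inspection, not proof of compromise.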

Apple releases several security updates

Yesterday, Apple released several security updates to fix CVE-2021-30860 on macOS, watchOS and iOS devices. The vulnerability could be exploited by "manipulating a malicious PDF", enabling the attacker's code to run. iPhone and iPad users must install the latest version of the operating system, iOS 14.8 and iPadOS 14.8, to fix this. Mac users must upgrade to Catalina 2021-005 or macOS Big Sur 11.6. Apple Watch users must have watchOS 7.6.2; all versions prior to these releases are vulnerable.

CVE-2021-30858, a use-after-free vulnerability, was also patched with an update released in Safari 14.1.2.

“We all have very sophisticated personal devices that have general consequences that vomit for humans. There are many examples of [these risks], such as application data collection, which Apple recently took control of through its App Tracking Transparency framework. Every complex system has exploitable vulnerabilities, and cell phones are no exception,” Jesse Rothstein, chief technology officer and founder of network security company ExtraHop, told Ars.

“The NSO is an example of how governments essentially buy or outsource cyber weapons capabilities. In my opinion, this is not the same as buying and selling guns - it's not set that way. Companies should always address their weaknesses, but regulations help prevent some people from misusing or falling in love with these electronic weapons.”
