The title says it all, friends. Apple has just released one Emergency patch A security flaw that NSO gives to the group Horrible Pegasus spyware infects a target Apple devices, including an iPhone, iPad, Mac and Apple Watch.
Could you, personally, be targeted by disguised hacker-by-hire? Probably not. But that doesn’t mean you have a good reason to keep your Apple devices weak.
To make sure your devices have received updates, check that you are using Security Update 2021-005 for iOS 14.8, iPad OS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and macOS Catalina. According to Apple, compatible iOS and iPad OS devices include: “iPhone 6S and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod Touch (7th Generation). ”
Security researchers at the University of Toronto’s Citizen Lab uncovered zero-day exploitation, which revealed A report Details of today’s exploitation. In Apple’s terminology, known as update CVE-2021-30860, And it credits the Citizen Lab for finding vulnerabilities.
Citizen Lab Researchers say they stumbled upon a Pegasus-infected phone belonging to a Saudi worker and found that the NSO group may have exploited a so-called “zero-click” vulnerability in iMessage to get Pegasus into the device. Unlike most low-level malware, this type of exploitation requires zero input on the part of the user. Past Citizens Lab reports Other devices contain detailed descriptions of NSO’s zero-click attacks, noting that in many cases those who harbor infected devices “can’t notice anything suspicious” are actually happening.
Meanwhile, John Scott-Relton as a researcher at the Citizen Lab Says The New York Times, whoever is behind this exploitation, can do “what iPhone users can do on their device and much more” if infected. These include sending texts or emails, making any calls and turning on the device’s camera without the user’s knowledge. Even if those contacts are over An encrypted app like Times Report, Signal or Telegram, NSO can still collect that data and return it to their customers.
It’s worth noting that in the past Apple has been working to fix hardware zero-click vulnerabilities, quietly tweaking the underlying iOS code. This is the past February in an effort to make these hacks more difficult to stop.
We’ve reached out to Apple for comment on the update and will update here when we hear.