Last month, Citizen Lab said the zero-day flaw - named as such since it gives companies zero days to roll out a fix - took advantage of a flaw in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone. The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that it said “may have been actively exploited.”Ĭitizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, details it first revealed in August as part of an investigation into the use of a zero-day vulnerability that was used to silently hack into iPhones belonging to at least one Bahraini activist. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices.
#Apple security update pegasus mac#
And in case you're taking solace in encrypted apps like Telegram or Signal, these are fully accessible via your device, which means after infection NSO can also peruse, copy, and share all of your encrypted data to whomever they want, according to the NYTimes.Apple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. This means tracking calls, sent emails or texts, and even activating your device's camera without any sign that it's switched on. Because, worryingly, a hacker who's exploited your phone can do "everything an iPhone user can do on their device and more" post-infection, according to a New York Times report.
Typically, low-level malware doesn't require input from the user, which means NSO only needed to break into your iPhone to send a hidden, malware-stuffed iMessage without a notification, explained the researchers in their report.Įncrypted apps aren't protected from the new Apple exploitĮarlier Citizen Lab reports have also detected zero-click attacks from NSO on other devices, and, often, devices infected with the exploit "may not notice anything suspicious", which means it's up to the researchers, Apple, and every user to spread the word whenever one is encountered. During the investigation, they saw that NSO Group had probably exploited what's called a "zero-click" vulnerability in iMessage that opens a door for Pegasus to upload onto your device. Citizen Lab researchers reported that they uncovered the flaw while examining a Pegasus-infected phone that belonged to a Saudi activist. Apple dubbed the update CVE-2021-30860, and it cites Citizen Lab as the entity that discovered the critical exploit. Researchers at the University of Toronto's Citizen Lab shared an urgent report explaining the exploit earlier on Monday.
#Apple security update pegasus pro#
Apple says iPad OS or iOS devices with compatibility for the update include "iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)." If you're wondering where this is coming from, the answer lies in Canada. First, see if your device is running iOS 14.8, iPad OS 14.8, macOS Big Sur 11.6, watchOS 7.6.2, or security update 2021-005 for macOS Catalina, depending on which device(s) you own. But that's no excuse to leave yourself (and your device) with a major vulnerability. Statistically, you're probably not the one the hackers want to exploit. Citizen Lab discovered the Apple exploit in a Saudi activist's phone
0 kommentar(er)
