"NSO Group will continue to provide intelligence and law-enforcement agencies around the world with life-saving technologies to fight terror and crime. In a statement to media, NSO Group had this to say. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data." Apple has announced the discovery of a critical security flaw in iPhones, iPads, and Macs that may let attackers seize complete control of a victims device. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.Īttacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. Comment from Apple and NSO GroupĪpple later on Monday released the following statement to media outlets, attributable to Ivan Krstić, the company's head of security engineering. 14), and it's likely that the iPhone 13 will be unveiled along with iOS 15. It's not yet clear whether either zero-day flaw patched today is involved.Īpple kicks off its annual fall extravaganza Tuesday (Sept. Soon after Apple released the patches, Reuters posted a story about the intelligence services of the United Arab Emirates hacking the iPhones of domestic political activists and foreign diplomats and politicians. The flaw was originally found by Citizen. Apple’s security team, upon discovery of the flaw, worked to developed the fix on Tuesday. As with the other flaw, Apple says that it is "aware of a report that this issue may have been actively exploited." Apple has released an emergency software update for its products Monday after researchers found there was a flaw that allowed spyware to infect iPhones, Apple Watches or Mac computers, The New York Times reports. This flaw affects iOS, iPadOS, Big Sur and Safari, but not watchOS or Catalina. It is a flaw in WebKit, the Safari rendering engine, and its discovery is credited to "an anonymous researcher."Īpple states that "processing maliciously crafted web content may lead to arbitrary code execution" - again, nasty web stuff can hack your device. The other vulnerability, catalogued as CVE-2021-30858, is more mysterious. No user action is needed to trigger the exploit, leading information-security experts to call it a "zero-click exploit." The exploit permits takeover of an iPhone if the user receives a message in iMessage. Today, Citizen Lab disclosed that the same exploit was used on an iPhone belonging to a Saudi political activist. The researchers called the exploit of the vulnerability "FORCEDENTRY" and said it was used by the Pegasus spyware, commercial spyware developed and distributed by Israel-based NSO Group. Given the apparent seriousness of this latest security patch, we will keep trying to update - as should you.This flaw was discovered last month by Citizen Lab researchers at the University of Toronto who had examined the iPhones of nine Bahraini dissidents. Both spyware makers exploited previously undisclosed vulnerabilities in Apple’s software that allowed their government customers to silently steal data from a victim’s device.Ĭitizen Lab said last month that Lockdown Mode, a feature rolled out by Apple last year to prevent similar targeted attacks, successfully blocked at least one NSO-developed exploit that abused a vulnerability in Apple’s smart home feature, HomeKit. Technology team Apple has released an update to fix security flaws on its iPhone, iPad and Mac devices, which it says hackers may have 'actively exploited'. In recent weeks, researchers have discovered new exploits developed by spyware makers QuaDream and NSO Group aimed at targeting iPhone owners around the world. It’s also not clear what this security update fixes, and Apple did not respond to a request for comment. When TechCrunch tested on an iPhone, iPad and Mac, the updates downloaded but did not immediately install. Some customers said that they could not install the update. Apple has released an update to fix security flaws on its iPhone, iPad and Mac devices, which it says hackers may have 'actively exploited'. But Monday’s rollout hasn’t gone so smoothly.
0 Comments
Leave a Reply. |