Version 14.8 of iOS, deployed on Tuesday, September 14, 2021, addresses a security flaw spotted by Citizen Lab. The vulnerability had been exploited since February by Israeli spyware Pegasus.
While Apple is due to present its new iPhone this Tuesday, September 14, the Californian company had to urgently publish a security update for its devices (iPhone, iPad, Mac, Apple Watch) and recommends doing so at most quick. The move comes after Citizen Lab researchers discovered at the end of August a flaw that would allow NSO Group spyware, including Pegasus, to give attackers access to a device’s camera, microphone or messages. .
It was last March, while analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, that Citizen Lab made this discovery. The University of Toronto cybersecurity organization dubbed the “exploit” Forcedentry and found it targeted Apple’s image rendering library, proving effective against devices running iOS, macOS, and watchOS. “We have determined that spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with Pegasus spyware”, indicates the organization. According to her, this vulnerability is “Used since at least February 2021”.
Apple took a long time to find the clogging solution
CVE 2021-30860 vulnerability affects iPhones older than iOS 14.8, Macs older than macOS Big Sur 11.6 (Security Update 2021-005 Catalina), Apple Watches older than watchOS 7.6.2, and iPad Pros , iPad Air 2 and up, iPad 5th generation and up, iPad mini 4 and up, and iPod touch 7th generation. Apple has phosphorated to plug the breach for weeks on end, and the security update is now available for affected devices.
“We would like to commend Citizen Lab for completing this rigorous work of obtaining a sample of the exploit so that we can develop this fix quickly., said Ivan Krstić, head of engineering and security architecture at Apple. Attacks like the ones described are very sophisticated, cost millions of dollars to develop, often have a short lifespan, and are used to target specific individuals ”.
The Israeli spyware Pegasus has made the headlines of the international press in recent months, especially after the discovery of its use by several state organizations. In July 2021, an investigation by the journalist collective Forbidden Stories and Amnesty International showed that Pegasus was being used for political purposes by several states to spy on politicians, opponents, activists, journalists and judges. Members of the French government, for example, have been spied on by the Moroccan authorities.
Be careful, however, very expensive and developed by an elite team of hackers, the Pegasus solution must always be ahead to be of interest to its customers. It is therefore possible that other undocumented 0-day vulnerabilities present in iPhones could continue to be exploited as entry points by this spyware.
Risk Disclosure: The articles and articles on Arover.net do not constitute investment advice. Bitcoin and cryptocurrencies are high-risk assets, and you should do your due diligence and do your own research before investing in these currencies.