iOS 14.8 fixes a major security flaw related to Pegasus spyware.
According to the New York Times, Apple engineers worked around the clock to fix a critical vulnerability and release iOS 14.8.
Last week, The Citizen Lab notified Apple of a new zero-click exploit on iMessage affecting the image rendering library. Called FORCED ENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with Pegasus spyware, providing access to the camera and microphone as well as allowing access to text messages, phone calls, and emails.
FORCED ENTRY was distributed by the Israeli NSO Group to governments and various other entities, and The Citizen Lab discovered it after analyzing the iPhone of a Saudi activist. The details were sent to Apple on September 7, and it took the company a week to fix the bug. According to The Citizen Lab, FORCED ENTRY has been in use since at least February 2021.
“This spyware can do everything an iPhone user can do on their device and more,” said Citizen Lab senior researcher John Scott-Railton.
Apple tracks the vulnerability as CVE-2021-30860 and describes it as a maliciously crafted PDF that could lead to arbitrary code execution.
In July, a series of reports highlighted iMessage exploits called Pegasus, which were distributed by Israeli surveillance firm NSO Group and used to target journalists, lawyers and human rights activists around the world. At the time, a database of over 50,000 people who had been targeted by NSO clients was made public.
Pegasus spyware is noteworthy because it bypasses BlastDoor, specific iMessage protections that Apple introduced with the launch of iOS 14. BlastDoor is a message sandbox security system designed to prevent exploits like Pegasus, but it is still under development.
Apple told the New York Times that it plans to add anti-spyware barriers in iOS 15 to prevent similar attacks in the future.