Apple’s iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware

This article has been indexed from MacRumors: Mac News and Rumors – Front Page

Today’s iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times.



Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple’s image rendering library. Called FORCEDENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing access to the camera and microphone in addition to allowing access to text messages, phone calls, and emails.

FORCEDENTRY was distributed by Israel’s NSO Group to governments and various other entities, and The Citizen Lab discovered it after analyzing the iPhone of a Saudi activist. Details were sent to Apple on September 7, and Apple took a week to fix the bug. According to The Citizen Lab, FORCEDENTRY has been in use since at least February 2021.

“This spyware can do everything an iPhone user can do on their device and more,” said Citizen Lab senior researcher John-Scott Railton.

Apple tracks the vulnerability as CVE-2021-30860 and describes it as one in which a maliciously crafted PDF could lead to arbitrary code execution.

Back in July, a slew of media reports highlighted zero-click iMessage exploits called Pegasus, which were distributed by Israeli surveillance firm NSO Group and were used to target journalists, lawyers, and human rights activists around the world. A database of more than 50,000 people who had been targeted by NSO’s clients was made public at the time.

The Pegasus spyware is notable because it skirts Bla

[…]