Full width home advertisement

Welcome Home


Post Page Advertisement [Top]

Apple Releases iOS 14.8 with a Security Update to Address Spyware Vulnerability


Apple released security updates for its iPhone, iPad, Apple Watch, and Mac computers on Monday, patching a vulnerability that was reportedly exploited by invasive spyware developed by NSO Group, an Israeli security firm. The updates were made available to customers on Monday.


According to Apple's security note for iOS 14.8 and iPadOS 14.8, the following is true: "The processing of a maliciously crafted PDF may result in the execution of arbitrary code. Apple has been made aware of a report claiming that this vulnerability has been actively exploited." In addition to WatchOS 7.6.2 and MacOS Big Sur 11.6 updates, Apple also released a security update for MacOS Catalina to address the vulnerability.


How does Citizen Lab comes into Picture


The Citizen Lab, a public interest cybersecurity group, conducted research and discovered that a Saudi activist's phone had been infected with Pegasus, NSO Group's most well-known product. The New York Times first reported on the fix, which was released earlier this week. Apple's image rendering library is the target of a zero-day zero-click exploit against iMessage, according to Citizen Lab. The exploit was effective against Apple's iPhones, laptops, and Apple Watches, according to Citizen Lab.


NSO used the vulnerability to remotely infect devices with its Pegasus spyware, according to Citizen Lab, which is based at the University of Toronto. Citizen Lab believes the exploit has been in use since at least February, and that it has identified the vulnerability in question. It urged all Apple users to upgrade their operating systems as soon as they could.


Citizen Lab stated in a report that "ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation-state espionage operations and the mercenary spyware companies that service them." In their current configuration, many chat applications have become an irresistible soft target.


Apple is preparing for one of its most important annual events, the rollout of new products in the fall, when the company received word of the security update. Apple is expected to unveil new iPhones, iPads, and Apple Watches on Tuesday, according to industry analysts and analysts. Concerns about the security of those products would almost certainly have an impact on sales.


Does Apple Pose a Threat to its Users?


After receiving a sample of the exploit from Citizen Lab, Apple stated that it did not pose a threat to the vast majority of its users.


According to Ivan Krsti, who oversees Apple's security engineering and architecture operations, "attacks such as the ones described are highly sophisticated, cost millions of dollars to develop, have a short shelf life, and are used to target specific individuals." We continue to work tirelessly to defend all of our customers, and we are constantly adding new protections for their devices and data, despite the fact that they do not pose a threat to the overwhelming majority of our users.


According to a report published in July, researchers discovered evidence of attempted or successful Pegasus installation attempts on 37 phones belonging to activists, journalists, and businesspeople. All of the devices, with the exception of three, were iPhones. Some of the individuals appear to have been the targets of secret surveillance through Pegasus, software that is intended to be used to track down criminals and terrorists, according to the information available. In addition to accessing and recording text, videos, photos and web activity, the spyware is reportedly capable of passively recording and scraping passwords from a device's hard drive.


Although the National Security Organization issued a statement late Monday that did not directly address Apple's update, it did state that it "will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."


The company, which licenses surveillance software to government agencies, claims that its Pegasus software aids authorities in their efforts to combat criminals and terrorists who take advantage of encryption technology to operate in the "dark," according to the company. Pegasus is a secretive app that runs on smartphones and provides information about their owners' activities. Other companies also provide software of a similar nature.


Shalev Hulio, the company's CEO, co-founded the company in 2010. Along with Pegasus, NSO provides other tools that track down where a phone is being used, defend against drone attacks, and mine law enforcement data to identify patterns of behavior.


NSO has been implicated in a number of other hacks, including the high-profile hack of Amazon founder Jeff Bezos, which occurred in 2018. An activist for Saudi dissident Jamal Khashoggi filed a lawsuit against the company the same year, alleging that the company was involved in hacking a device belonging to Khashoggi, who was murdered inside the Saudi embassy in Turkey.

No comments:

Post a Comment

Bottom Ad [Post Page]