apple on monday released security update For your iPhone, iPad, Apple Watch and Mac computers that close the vulnerability allegedly exploited Produced by Invasive Spyware NSO Group, an Israeli security company.
tech giant’s iOS 14.8 and iPadOS 14.8 . security note for Says: “Processing a maliciously generated PDF may result in arbitrary code execution. Apple is aware of a report that this issue may be actively exploited.” Apple also released a security update to address the vulnerability for watchOS 7.6.2, macOS Big Sur 11.6 and macOS Catalina.
The fix, previously reported by The New York Times, stems from research by The Citizen Lab, a public interest cybersecurity group that found that a Saudi worker’s phone was infected with Pegasus, the NSO Group’s best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple’s image rendering library and was effective against the company’s iPhones, laptops and Apple Watches.
Citizen Lab, which is based at the University of Toronto, says it has determined that NSO has exploited the vulnerability with its Pegasus spyware to remotely infected devices, assuming that the exploit has been around since at least February. is in use. It urged all Apple users to update their operating systems immediately.
“Ubiquitous chat apps have become a prime target for the most sophisticated threat actors, including nation state spying operations and the mercenary spyware companies that serve them,” civil laboratory said in a report. “As currently engineered, many chat apps have become an irresistible soft target.”
News of the security update comes as Apple prepares for one of its most important annual events, the fall new products. On Tuesday, the company expects. Sales are likely to be affected by concerns about the safety of those products.
Apple thanked Citizen Lab for providing a sample of the exploit, which the iPhone maker said did not pose a threat to most of its users.
“Attacks like those described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are designed to target specific individuals,” Evan Kristik, who runs Apple’s security engineering and architecture operations, said in a statement. is used for.” “While this means they do not pose a threat to the overwhelming majority of our users, we continue to work tirelessly to protect all of our customers, and we are continually adding new protections to their devices and data.”
In July, Able to access and record textsPassively recording and scraping videos, photos and web activity as well as passwords on the device.Attempts or successful installations of Pegasus on 37 phones of activists, journalists and businessmen. All devices except three were iPhones. Some people appear to have been targets of covert surveillance through Pegasus, software that should be used to chase down criminals and terrorists. spyware is allegedly
NSO issued a statement late Monday that did not directly address Apple’s update, but said it was “providing intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.” will continue to do so.”
The company, which licenses surveillance software to government agencies, says its Pegasus software helps authorities deal with criminals and terrorists who take advantage of encryption technology.DarknessPegasus runs incognito on smartphones, providing insight into what their owners are up to. Other companies provide similar software.
CEO Shalev Hulio co-founded the company in 2010. In addition to Pegasus, NSO offers other tools that track where phones are being used, protect against drones, and mine law enforcement data to spot patterns.
NSO has been implicated in other hacks, including Amazon founder Jeff Bezos’ high-profile hack in 2018. In the same year, a Saudi dissident sued the company for its alleged role in hacking a device Related to journalist Jamal Khashoggi, who was assassinated inside the Saudi Embassy in Turkey.