Apple patches a new zero-day flaw affecting all devices

DMCA / Correction Notice
- Advertisement -


Apple has released Security update for a newly discovered zero-day vulnerability that affects every iPhone, iPad, Mac, and Apple Watch. Citizen Lab, which discovered the vulnerability and is credited with finding it, urges users to update their devices immediately.

- Advertisement -

The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability it says “may have been actively exploited”. “

Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, details that were first revealed in August as part of an investigation into the use of a zero-day vulnerability that was used by at least one Bahrain worker. Had to hack into the respective iPhones silently.

advertisement

Last month, Citizen Lab said the zero-day flaw — so named because it gives companies zero days to roll out a fix — took advantage of a flaw in Apple’s iMessage, used by Israeli firm NSO Group. Developed to push Pegasus spyware. , on the worker’s phone. The breach was significant because the flaws exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But vulnerabilities also broke through the new iPhone security that Apple baked into iOS 14, dubbed BlastDoor, which was supposed to block silent attacks by filtering out potentially malicious code. Citizen Lab calls this particular exploit ForcedEntry, for its ability to undermine Apple’s blastdoor security.

In its latest findings, Citizen Lab said it found evidence of a ForcedEntry exploit on a Saudi worker’s iPhone, which was running the latest version of iOS at the time. Now Citizen Lab says the same ForcedEntry exploit works on all Apple devices running the latest software.

- Advertisement -

Citizen Lab said it reported its findings to Apple on September 7. Apple pushed the update for the vulnerability, which is officially known as CVE-2021-30860. Citizen Lab said it attributes the exploit of ForcedEntry with high confidence to the NSO Group, noting that it has not been previously published.

When reached, Apple declined to comment. The NSO Group did not immediately comment.

Evolving… and soon…

- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories