A zero-click exploit that infects spyware just by opening the iPhone's messaging app is reported, Apple fixes a vulnerability in iOS 14.8
On September 13, 2021, Apple released iOS 14.8 and iPad OS 14.8 to address several security issues. This update addresses a zero-click exploit where your device can be infected with spyware simply by opening
About the security content of iOS 14.8 and iPadOS 14.8 --Apple Support (CA)
https://support.apple.com/en-ca/HT212807
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild --The Citizen Lab
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Stop and update your iPhone to iOS 14.8 right now --The Verge
https://www.theverge.com/2021/9/13/22672352/apple-spyware-gateway-iphone-software-update-nso-pegasus
Apple says iOS 14.8 patches iPhone attack that defeated Blastdoor protections --9to5Mac
https://9to5mac.com/2021/09/13/apple-says-ios-14-8-patches-iphone-attack-that-defeated-blastdoor-protections/
'Pegasus' isa spyware targeting iPhone and Android that was reportedly used to monitor more than 180 journalists in 20 countries. Pegasus is capable of collecting data such as emails, call history, posts on social media, passwords, contacts, photos, movies, recorded files, browsing history from infected terminals, and the details are as follows. You can understand it by reading the article.
What is 'Pegasus' spyware that monitors celebrities and politicians around the world via iPhone and Android? --GIGAZINE
In collaboration with a Saudi Arabian activist who was using an iPhone infected with Pegasus, The Citizen Lab , a cybersecurity research institute at the University of Toronto, continued to analyze Pegasus and discovered the existence of a new zero-click exploit.・ I am reporting.
According to The Citizen Lab, the newly discovered zero-click exploit is called 'FORCE DENTRY' and exploits a vulnerability in Apple's image rendering library (CVE-2021-30860). It has been confirmed that this FORCE DENTRY is effective not only on iOS but also on macOS and watchOS.
NSO Group, the developer of Pegasus, is believed to have used FORCE DENTRY to infect Apple devices with the latest operating systems with Pegasus. The Citizen Lab believes that FORCE DENTRY has been in use since at least around February 2021.
Initially, FORCE DENTRY, which exploited a vulnerability in the image rendering library, was thought to be exploiting a vulnerability in the processing of GIF images that exists on iMessage. However, according to Apple, the problem was PDF processing, and it has been confirmed that processing a maliciously created PDF causes an integer overflow.
The Citizen Lab, which suspected that FORCEDENTRY was related to Pegasus, sent a series of reports to Apple on September 7, 2021, and Apple reported a vulnerability in the image rendering library that was exploited in FORCEDENTRY. We released iOS 14.8 and iPadOS 14.8 on September 13th to fix this.
Another WebKit vulnerability (CVE-2021-30858) has been fixed in iOS 14.8. It's unclear if this is related to NSO Group, but the discoverers of the vulnerability are 'anonymous researchers' rather than The Citizen Lab.
Foreign media The Verge said, 'This case reminds us how important it is to keep all devices up to date.' 'Check that devices are not vulnerable to widely reported security exploits.' We recommend that you update your Apple device to the latest OS as soon as possible. '
Related Posts:
