September 18, 2021

Ukraine Breaking News

Ukraine Breaking News | The Latest News In Ukraine

Apple fixes an NSO Zero Day flaw that affected all devices

Apple released security updates for a zero-day vulnerability. This applies to every iPhone, iPad and Mac. Citizen Lab has discovered and reported the vulnerability. Users are encouraged to update immediately.

According to the tech giant, iOS 14.8 will be available for iPhone and iPad, as well as updates for Apple Watch, macOS, and macOS. He stated that at least one vulnerability could have been “actively exploited”.

– Announcement –

Citizen Lab announced that it now has new evidence of the ForcedEntry vulnerability. The details were revealed by Citizen Lab in August, as part of an investigation into the silent iPhone hack owned by at least one Bahraini activist.

Citizen Lab reported last month that the zero-day flaw, so named because it allows companies to implement a fix in days, was used by Apple’s iMessage to push Pegasus spyware from Israeli company NSO Group to an iPhone. activist.

Pegasus provides government customers with near-complete access to the target’s device, including personal data and messages.

TechCrunch has more information

This was due to the flaws being exploited by the latest iPhone software, iOS 14.4 (later iOS 14.6) that Apple released in May. The vulnerabilities have also broken through the iPhone’s new security features, dubbed BlastDoor. These were intended to protect against silent attacks and filter out potentially malicious code. Citizen Lab refers to this exploit as ForcedEntry because it can bypass Apple’s BlastDoor protections.

– Announcement –

Citizen Lab’s most recent findings stated that it had uncovered evidence of ForcedEntry on an iPhone belonging to a Saudi activist. This exploit was found in the iOS version at the time. The researchers say the exploit exploits a flaw in the way Apple displays images.

Citizen Lab has confirmed that ForcedEntry is now available on all Apple devices with the latest software.

Citizen Lab reported that it released its findings to Apple on Sept. 7. Apple has released updated versions for the vulnerability. Officially, CVE-2023-0860. Citizen Lab said the ForcedEntry exploit is attributed to the NSO Group with great certainty, citing evidence it has seen has not been published previously.

TechCrunch was informed by Citizen Lab’s John Scott-Railton that messaging apps like iMessage are becoming more popular targets for hacking operations. This latest finding highlights the difficulties in securing these apps.

Apple did not respond to our request for comment. NSO Group declined to comment immediately.

– Announcement –

Published on Mon, 13 Sep 2021 18:21:28 +0000

– Announcement –