Apple has issued a security update following the discovery of a zero-day, zero-click “spyware” that could infect iPhones and iPads.
Discovered By Researchers
The threat was discovered by independent researchers from the University of Toronto’s Citizen Lab while they were analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware.
What Is It?
The Citizen Lab has described the threat as a zero-day (unknown, or known but with no patch yet), zero-click “spyware”. This is spying malware that doesn’t need users to click on a link or file to launch it. The Citizen Lab, which has identified the threat as being “in the wild” (already in circulation), says that a “maliciously crafted” PDF file could lead to arbitrary code execution. The threat uses malicious Adobe PDF files disguised to look like GIF (files with the “.gif” extension). The exploit has been dubbed “FORCEDENTRY” and, is believed to target Apple’s image rendering library, and works by exploiting an integer overflow vulnerability in Apple’s image rendering library (CoreGraphics).
iOS, MacOS, and WatchOS Devices At Risk
The researchers found the threat to be effective against Apple iOS, MacOS, and WatchOS devices, and that it has been used by a mercenary spyware company called “NSO Group” to remotely exploit and infect the latest Apple devices with the Pegasus spyware.
Patch Issued In Response
After The Citizen Lab passed the details of its findings to Apple, the tech giant released a patch/security update. Apple issued iOS 14.8 and iPadOS 14.8 patches for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Apple says that it is “aware of a report that this issue may have been actively exploited”.
Bad Timing
The news of the discovery of the exploit, which may have been in use since at least February this year, came at a bad time for Apple as the company prepared to unveil its new devices, including its new iPhones and updates to its AirPods and Apple Watch, at its annual launch event (Tuesday).
What Does This Mean For Your Business?
The Citizen Lab researchers have blamed the Israel-based NSO Group for selling technology that is being used as “despotism-as-a-service” by unaccountable government security agencies. Even though this is a real threat to iPhones, iPads, and Apple watches, security commentators say that the vast majority of iPhone owners don’t need to be too concerned because this type of attack is usually highly targeted. Nevertheless, the discovery has come at an unfortunate moment for Apple which has been busy trying to promote the benefits of its new products while competitors like Microsoft have announced the launch of a new, secure, passwordless login system.
This Article has been Republished with Permission from MKLINK
Recent Blogs
Related posts
Top 10 Benefits of Switching to a VoIP Phone System for Your Business
In today's fast-paced business environment, effective communication is crucial to success. For small and medium-sized enterprises (SMEs), choosing the right phone system can make a [...]
Understanding Managed IT Services: What They Are and Why Your Business Needs Them
In today's fast-paced digital landscape, businesses of all sizes increasingly rely on technology to drive growth and efficiency. As IT infrastructure becomes more complex, the [...]
Introducing the New Microsoft Planner (Everything You Need to Know)
Calendars, task lists, and project planning are important business tools. Many people use Microsoft’s apps to power these processes. Including Planner, Microsoft To Do, and [...]
