Apple has issued a security update following the discovery of a zero-day, zero-click “spyware” that could infect iPhones and iPads.
Discovered By Researchers
The threat was discovered by independent researchers from the University of Toronto’s Citizen Lab while they were analysing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware.
What Is It?
The Citizen Lab has described the threat as a zero-day (unknown, or known but with no patch yet), zero-click “spyware”. This is spying malware that doesn’t need users to click on a link or file to launch it. The Citizen Lab, which has identified the threat as being “in the wild” (already in circulation), says that a “maliciously crafted” PDF file could lead to arbitrary code execution. The threat uses malicious Adobe PDF files disguised to look like GIF (files with the “.gif” extension). The exploit has been dubbed “FORCEDENTRY” and, is believed to target Apple’s image rendering library, and works by exploiting an integer overflow vulnerability in Apple’s image rendering library (CoreGraphics).
iOS, MacOS, and WatchOS Devices At Risk
The researchers found the threat to be effective against Apple iOS, MacOS, and WatchOS devices, and that it has been used by a mercenary spyware company called “NSO Group” to remotely exploit and infect the latest Apple devices with the Pegasus spyware.
Patch Issued In Response
After The Citizen Lab passed the details of its findings to Apple, the tech giant released a patch/security update. Apple issued iOS 14.8 and iPadOS 14.8 patches for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Apple says that it is “aware of a report that this issue may have been actively exploited”.
Bad Timing
The news of the discovery of the exploit, which may have been in use since at least February this year, came at a bad time for Apple as the company prepared to unveil its new devices, including its new iPhones and updates to its AirPods and Apple Watch, at its annual launch event (Tuesday).
What Does This Mean For Your Business?
The Citizen Lab researchers have blamed the Israel-based NSO Group for selling technology that is being used as “despotism-as-a-service” by unaccountable government security agencies. Even though this is a real threat to iPhones, iPads, and Apple watches, security commentators say that the vast majority of iPhone owners don’t need to be too concerned because this type of attack is usually highly targeted. Nevertheless, the discovery has come at an unfortunate moment for Apple which has been busy trying to promote the benefits of its new products while competitors like Microsoft have announced the launch of a new, secure, passwordless login system.
This Article has been Republished with Permission from MKLINK
Recent Blogs
Related posts
iPhone Running Slow? Speed It up with One of These Tips
Let's face it, iPhones are amazing devices. But even the sleekest, most powerful iPhone can succumb to the dreaded slowdown. Apps take forever to load [...]
Is Your Business Losing Money Because Employees Can’t Use Tech?
Shiny new tech can be exciting! It promises increased efficiency, happier employees, and a competitive edge. It’s also necessary to stay competitive in today’s technology-driven [...]
10 Easy Steps to Building a Culture of Cyber Awareness
Cyberattacks are a constant threat in today's digital world. Phishing emails, malware downloads, and data breaches. They can cripple businesses and devastate personal lives.Employee error [...]