If you’re an Apple user, update your iPhone, iPad, Mac, and Apple Watch NOW!

Apple has just released an emergency security patch for iOS and macOS to address a security flaw that allows the Pegasus spyware of the NSO Group to infect Apple devices across its product lines — iPhones, iPads, Macs, and Apple Watches. The vulnerability is tracked as CVE-2021-30860.


University of Toronto’s Citizen Lab is being credited by Apple for finding the vulnerability. On their website, Citizen Lab says that they discovered a zero-day, zero-click exploit against iMessage while they were analyzing the phone of a Saudi activist whose phone was infected with the Pegasus spyware.

Named FORCEDENTRY, the exploit “targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices”, Citizen Lab says. They also believe that FORCEDENTRY has been used since February 2021.

A huge problem with a zero-click vulnerability is that the phone’s owner does not even have to do anything. In this case, NSO just needed to break into the device by sending an iMessage with invisible malware without the user’s knowledge. Many times, the phone’s owner will not even notice anything suspicious with his phone’s activity.

What can a phone infected with FORCEDENTRY allow NSO to do?

FORCEDENTRY lets whoever is behind this exploit do practically everything the owner can, including tracking texts and emails sent, calls made, and switching on the phone camera without alerting the user. Even if these communications are done over apps with end-to-end encryption like Signal or Telegram, the data can still be harvested and passed back to NSO’s client.

While Citizen Lab says that the phone it was examining was infected through iMessage, Apple’s bulletin described the impact affecting CoreGraphics, Apple’s image rendering library, as follows: “Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” This implies that the vulnerability may go beyond iMessage.

What devices are vulnerable to FORCEDENTRY?

Citizen Lab says Apple gave a list of affected devices:

  • iPhones with iOS versions prior to 14.8
  • All Mac computers with operating systems prior to OSX Big Sur 11.6 or Security Update 2021-005 Catalina
  • All Apple Watches prior to watchOS 7.6.2
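
A fleet-inventory check built on the version list above, as an added example that is not from Apple, Citizen Lab or this blog. The device names and inventory rows are constructed, and applying the iOS 14.8 threshold to iPadOS is an assumption. Catalina is flagged for manual review because a security update does not change the 10.15.x version number.

```python
# Added example: thresholds come from the affected-device list above.
PATCHED = {
    "ios": (14, 8),
    "ipados": (14, 8),      # assumption: same threshold as iOS
    "macos": (11, 6),
    "watchos": (7, 6, 2),
}

def parse_version(text):
    """Turn '14.7.1' into (14, 7, 1) so that 14.10 sorts after 14.8."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(version, width):
    """Right-pad with zeros so (14, 8) and (14, 8, 0) compare as equal."""
    return version + (0,) * (width - len(version))

def classify(platform, version):
    """Return 'patched', 'vulnerable', or a reason the device needs review."""
    platform = platform.lower()
    if platform not in PATCHED:
        return "unknown-platform"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable-version"
    # Catalina is fixed by Security Update 2021-005, which the version
    # string alone does not reveal, so it cannot be decided here.
    if platform == "macos" and v[:2] == (10, 15):
        return "check-security-update-2021-005"
    fixed = PATCHED[platform]
    width = max(len(v), len(fixed))
    return "patched" if pad(v, width) >= pad(fixed, width) else "vulnerable"

# Constructed sample inventory: (device name, platform, reported OS version)
INVENTORY = [
    ("alice-iphone", "iOS", "14.7.1"),
    ("bob-iphone", "iOS", "14.8"),
    ("carol-macbook", "macOS", "11.5.2"),
    ("dave-imac", "macOS", "10.15.7"),
    ("erin-watch", "watchOS", "7.6.2"),
]

def audit(inventory):
    """Map each device name to its classification."""
    return {name: classify(platform, ver) for name, platform, ver in inventory}

if __name__ == "__main__":
    for device, status in audit(INVENTORY).items():
        print(f"{device:15} {status}")
```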

What phones can be updated with this security patch?

Apple lists the following phone models for which the patch is available: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Update all your Apple devices NOW!

 

 

Tita Jane

Tita forever, geek forever!!! Loves gadgets more than clothes... First introduced to IT via punched cards and COBOL programming... IT auditor for over 5 years... IT consultant covering the financial industry for over 7 years... Now, a blogger and social media practitioner...and still covering the IT world, among other interests. And proud that all my kids are geeky as well. ~ Tita Jane Uymatiao
