The Citizen Lab identified the exploit as coming from the NSO Group based on its past spyware implementations. According to the researchers, the vulnerability is present on:Īll iPhones with iOS versions prior to 14.8Īll Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, andĪll Apple Watches prior to watchOS 7.6.2. PDF files are installed on a device to abuse Apple's image rendering library (called "CoreGraphics") to execute code. The Citizen Lab dubbed the vulnerability as "ForcedEntry" and said it was used to install the NSO Group's Pegasus spyware on a Saudi activist's phone, according to its published analysis.įorcedEntry is a clickless attack. government agencies, broadened the list of affected systems to also include macOS Big Sur 11.6, macOS Catalina and watchOS 7.6.2, plus Apple's Safari 14.1.2 browser.Īpple credited The Citizen Lab, a University of Toronto research project that investigates human rights, privacy and security issues, with finding the CVE-2021-30860 vulnerability. The agency, which issues security advice to U.S. Cyberstructure and Infrastructure Security Agency. These vulnerabilities were called out in a Monday alert by the U.S. The other vulnerability, CVE-2021-30858, is a "use after free" vulnerability exploited by "maliciously crafted Web content" that "may have been actively exploited." Apple issued patches on Monday for two vulnerabilities that can permit an attacker to run code on iOS devices, with one vulnerability (CVE-2021-30860) said by researchers to originate from the NSO Group, an Israeli spyware maker.ĬVE-2021-30860, which "may have been actively exploited," according to Apple, is described as an integer overflow issue caused by "a maliciously crafted PDF" file, affecting iPhone 6 and later devices, as well as iPads.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |