![]() The other bug patched by Apple, CVE-2021-30858, was reported by an unidentified researcher. ![]() "Regulation of this growing, highly profitable, and harmful marketplace is desperately needed." "Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating 'despotism-as-a-service' for unaccountable government security agencies," Citizen Lab researchers said in a post on Monday. Amnesty International and French media protection org claim massive misuse of NSO spyware.NSO Group 'will no longer be responding to inquiries' about misuse of its software.Israeli authorities investigate NSO Group over Pegasus spyware abuse claims.United Nations calls for moratorium on sale of surveillance tech like NSO Group's Pegasus.According to Citizen Lab, the FORCEDENTRY exploit, when successful, installed NSO Group's Pegasus spyware. gif file extension but were in fact Adobe PDF files containing a JBIG2-encoded stream – no further action was required to infect the victim's device with malicious code: they simply had to receive the message. When targeted activists received these poisoned PDF files – which had a. The crashes arose when using CoreGraphics to decode JBIG2-encoded data within a PDF file prepped to trigger the bug. "The crashes appeared to be segfaults generated by invoking the copyGifFromPath:toDestinationPath:error function on files received via iMessage." ![]() "When the FORCEDENTRY exploit was being fired at a device, the device logs showed crashes associated with IMTranscoderAgent," the Citizen Lab report explains. On August 24, 2021, researchers with the organization reported that the iPhones of nine Bahraini activists had been hacked between June 2020 and February 2021 using NSO Group’s Pegasus spyware and two zero-click iMessage exploits. "Apple is aware of a report that this issue may have been actively exploited," the biz said in its terse, non-committal summary.Ĭitizen Lab managed to be less coy in its assessment. Reported by researchers at University of Toronto's Citizen Lab, the bug consists of an integer overflow that allows a malicious PDF file to achieve arbitrary code execution, allowing spyware and other malicious programs to run.Īpple is aware of a report that this issue may have been actively exploited One of the bugs, CVE-2021-30860, resides in Apple's CoreGraphics framework. Previous macOS releases Catalina (10.15) and Mojave (10.14) received updated versions of WebKit-based Safari (14.1.2), with Catalina also getting a supplemental fix. Updated Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates.Ī day before the iGiant is expected to announce the iPhone 13, it released updates for iOS 14.8 and iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6. ![]()
0 Comments
Leave a Reply. |