Apple has released a number of new updates to its operating system iOS And macOS And watchOS to fix an error He says Security researchers at Citizen Lab said it was highly likely that it was exploited to allow government agencies to install spyware on the phones of journalists, lawyers and activists.
The researchers say the bug allowed for a “no-click” (meaning the target didn’t have to do anything to get infected) of the Pegasus spyware, which is said to be able to steal data and passwords and activate a phone’s microphone or camera.
Due to the severity of the exploit, you should update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 as soon as possible.
Information about the vulnerability surfaced in August, when Citizen Lab reported that it had been successfully used against phones running iOS 14.6 (released in May).
Citizen Lab also said the vulnerability, dubbed ForcedEntry, appears to be identical to an exploit behavior Amnesty International wrote about in July.
At the time, security researchers wrote that this was made possible by a bug in Apple’s CoreGraphics system, which occurred when the phone tried to use a function associated with GIFs, after it received a text message containing a malicious file.
However, even with this information, it can be difficult to determine what was going on without access to the infected files themselves.
Also Read: Learn about AAE Files in iPhone Photos App
Apple releases security updates to close spy vulnerabilities
According to Citizen Lab, they discovered the files while re-analyzing a backup from a hacked active phone. The files appear to be GIFs sent as SMS attachments, but are actually PSD and PDF files.
Apple’s update notes indicate that the issue occurred when a maliciously created PDF file was being processed.
Citizen Lab suspected it may be linked to Pegasus software. So I sent the files to Apple on September 7. The company released software updates to correct the bug on September 13.
Some of today’s updates also fix a second security issue with WebKit for iOS and macOS Big Sur. (Not mentioned in the Catalina System release notes.)
While it is unclear whether it is related to the NSO exploit. But the company says it may have been actively exploited.
Such a pressing security issue explains why a new iOS update came out just hours before the company’s event. Where it is expected to announce new phones that may not work with this version of the operating system.
Read also: Apple’s first iPhone with terabyte storage is coming tomorrow