IOS zeroday: Pegasus, update all iOS devices.

modi123

modi123

Supreme [H]ardness
Joined
Sep 6, 2006
Messages
7,218
Update your IOS devices today, and let your family/friends know.

Seems like a pretty nasty zero day using the Pegasus spyware and is via rendering images on display.

Apple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices.

The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that it said “may have been actively exploited.”
[...]
Last month, Citizen Lab said the zero-day flaw [...] took advantage of a flaw in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone.

Pegasus gives its government customers near-complete access to a target’s device, including their personal data, photos, messages and location.

The breach was significant because the flaws exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But also the exploit broke through new iPhone defenses that Apple had baked into iOS 14, dubbed BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. Citizen Lab calls this particular exploit ForcedEntry for its ability to skirt Apple’s BlastDoor protections.
[...]
The researchers said the exploit takes advantage of a weakness in how Apple devices render images on the display
[...]
Click to expand...
https://techcrunch.com/2021/09/13/apple-zero-day-nso-pegasus/


Given the severity of the exploit, you should update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 as soon as you can.
Click to expand...
https://www.theverge.com/2021/9/13/22672352/apple-spyware-gateway-iphone-software-update-nso-pegasus
 
These NSO guys don`t kid around , its like theres no OS they cant exploit
 
T_A - No kidding. I am pretty sure they wake up each day pumping Joe Esposito's "You're The Best Around" while showering.
 
T_A said:
These NSO guys don`t kid around , its like theres no OS they cant exploit
Click to expand...
There are exploits for everything that companies like this hold close. Typically, we only find out about them once the nation-state that used said exploit got caught, and they feel it's not useful anymore.
 
You must log in or register to reply here.
Back
Top