![]() ![]()
![]() Rather, it executes on its own using a security hole. Moreover, the exploit was a zero-click exploit, which means that victims don’t have to click on the malicious file for it to infect their devices. #APPLE SECURITY UPDATE PEGASUS PATCH#The flaw was a zero-day vulnerability, i.e., it was either unknown to Apple or they had simply not developed a patch for it at the time. #APPLE SECURITY UPDATE PEGASUS PDF#Apple said that this flaw could be exploited through a “maliciously crafted” PDF file. This was done by using a security flaw in Apple’s Messages app. The flaw was disclosed by Citizen Lab (a cyber-research unit of the University of Toronto) on Monday and allowed a hacker using NSO’s Pegasus malware to gain access to a device belonging to a Saudi activist. ![]() However, with Apple itself releasing an update to do away with the vulnerability found by Citizen Lab, it is the Union government’s claim that may give rise to reservations.Apple has released emergency updates iOS 14.8, iPadOS 14.8, macOS 11.6, and watchOS 7.6.2 to fix a Pegasus vulnerability on iPhones, iPads, Macs, and Apple Watches. “I have reservations about the report ,” the solicitor general had said in the court. The use of the spyware came to light earlier this year as a result of the Pegasus Project, a collaborative investigation by The Wire and 16 other international media organisations, coordinated by Forbidden Stories and provided with technical support from Amnesty International’s Security Lab.Īpple’s move doesn’t look great for the Indian government – which just yesterday in the Supreme Court dismissed Citizen Lab’s research. Ī Pegasus infection allows the attacker total access to a target’s device, allowing them to turn on the camera and microphone, record calls and texts and access all the data on the device. #APPLE SECURITY UPDATE PEGASUS INSTALL#The latest versions of Apple software which users have been advised to download and install are iOS 14.8, MacOS 11.6 and WatchOS 7.6.2.Īpple commended Citizen Lab for making the discovery and went on to note that, “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals,” as reported by AFP. The cybersecurity organisation, in a blog post on September 13, said that it believes FORCEDENTRY to have been in use since February, 2021 and urged users to “immediately update their Apple devices.” Details regarding their discovery of the exploit in March of this year are available on the blog post. The vulnerabilities had been revealed by Citizen Lab, a cybersecurity organisation in the University of Toronto, while analysing a Saudi activist’s iPhone which had been infected with the Pegasus spyware.Īlso read: Pegasus: Centre Tells SC It Doesn’t Want to File Affidavit Over ‘National Security Concerns’Ĭitizen Lab has dubbed this particular exploit ‘FORCEDENTRY’ and described it as a “zero-day zero-click exploit against iMessage”, Apple’s exclusive messaging app.Ī zero-day exploit is named as such since it gives companies zero days to fix it and zero-click refers to the malware’s ability to infect a target device without any input from device’s user it can install itself without a user ever clicking on a malicious link or file. New Delhi: Apple on Monday rolled out a series of software updates for its products to protect against a critical vulnerability which could allow Pegasus, the NSO Group’s military-grade spyware, unfettered access to users iPhones, iPads, Apple Watches or Macs without so much as a click, the New York Times reported. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |