Apple Patches Pegasus Spyware Vulnerability - ThreatWire

By Shannon Morse, ThreatWire

Apple just released security updates to patch CVE-2021-30860, a major vulnerability that required no user interaction but could pwn the latest Apple devices with Pegasus spyware, the malware used by the Israeli NSO Group to target individuals.

Since it requires no interaction, the vulnerability was dubbed FORCEDENTRY by researchers at Citizen Lab, who first found the flaw and alerted Apple to the issue. FORCEDENTRY could be triggered by sending a malicious message to a target.

Back in March, the group analyzed an iPhone that belonged to a Saudi activist and found 27 GIF files (or gif files! To each their own!). Digging further, they discovered those files were actually Adobe Photoshop PSD and PDF files made up of 748 bytes of data. These files caused an IMTranscoderAgent crash, which resembled the same kind of crash they had seen previously from nine Bahraini activist phones. Each time, those fake GIF files were sent to the phone right before it was hacked. IMTranscoderAgent is a component used to render images in iMessage, so in this case it was abused to deploy surveillance software instead.
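The mismatch described above, a `.gif` name on content that is really PSD or PDF, is something defenders can check for when triaging attachments. The Python below is an added example, not code from Citizen Lab or this page; the function names and the sample files are constructed for illustration.

```python
from pathlib import PurePosixPath

# Leading signatures for the formats named in the write-up.
START_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "psd": (b"8BPS",),
}
KNOWN_EXTENSIONS = {"gif", "psd", "pdf"}


def sniff_type(data: bytes) -> str:
    """Return the format implied by the content, or 'unknown'."""
    for kind, signatures in START_MAGIC.items():
        if data.startswith(signatures):
            return kind
    # Lenient PDF readers accept the header anywhere in the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"


def find_mismatches(files):
    """files maps filename -> bytes. Returns (name, claimed, actual, size) tuples."""
    hits = []
    for name, data in sorted(files.items()):
        claimed = PurePosixPath(name).suffix.lower().lstrip(".")
        actual = sniff_type(data)
        # Only judge extensions we have a signature for.
        if claimed in KNOWN_EXTENSIONS and actual != claimed:
            hits.append((name, claimed, actual, len(data)))
    return hits


# Constructed sample attachments (not real exploit files).
SAMPLES = {
    "a.gif": b"GIF89a" + b"\x00" * 20,          # genuine GIF header
    "b.gif": b"8BPS\x00\x01" + b"\x00" * 742,   # PSD header, 748 bytes total
    "c.gif": b"%PDF-1.4\n" + b"\x00" * 16,      # PDF header under a .gif name
    "d.pdf": b"%PDF-1.7\n",                     # extension matches content
}

if __name__ == "__main__":
    for name, claimed, actual, size in find_mismatches(SAMPLES):
        print(f"{name}: extension says {claimed}, content is {actual} ({size} bytes)")
```

A hit is only a triage signal: it says the file's name and content disagree, not that the file is malicious.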

Apple described the vulnerability as one where processing a maliciously crafted PDF can lead to arbitrary code execution. They released a patch for macOS, watchOS, and iOS, saying that parsing a malicious PDF could give the attacker code execution capabilities.

Citizen Lab believes this vulnerability has been exploited remotely by NSO Group since at least February of 2021. While Pegasus is used to target activists, journalists, and people in places of power, even if you don’t fall into one of those categories, you should still update your Apple device to ensure you are protected.

Apple:

https://www.vice.com/en/article/3aq9q3/apple-patches-zero-click-imessage-hack-used-by-nso

https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html

https://arstechnica.com/information-technology/2021/09/apple-fixes-imessage-zero-day-exploited-by-pegasus-spyware/

https://www.cnet.com/tech/services-and-software/apples-ios-14-8-security-fix-protect-your-iphone-from-pegasus-now/
