Microsoft filed an amicus brief in support of the case last year. WhatsApp accused NSO Group in 2019 of allowing its spyware to be used by governments to target high-ranking officials. citizens and organizations along with foreign governments. Reuters reported last year that the FBI was investigating the use of NSO Group spyware in potential hacking operations against U.S. This is far from the first time that products from NSO Group, and the company itself, have come under fire for allegations of human rights and privacy abuses. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” Krstić added.Ī spokesperson for NSO Group told The Hill in a statement Monday that “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime” but did not comment directly on the Citizen Lab report. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.” “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly,” Krstić said. We urge readers to immediately update all Apple devices.ĭevices affected by CVE-2021-30860 per Apple:Īll iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.Ivan Krstić, head of Security Engineering and Architecture at Apple, told The Hill in a statement Monday that Apple had “rapidly developed” the security updates after identifying the vulnerability. Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.” We believe that FORCEDENTRY has been in use since at least February 2021. We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices. While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. These capabilities can fetch millions of dollars on the underground market for hacking tools. But NSO Group’s zero-click capability gives the victim no such prompt, and enables full access to a person’s digital life. In the past, victims only learned their devices were infected by spyware after receiving a suspicious link texted to their phone or email. “This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding. Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record their messages, texts, emails, calls - even those sent via encrypted messaging and phone apps like Signal - and send it back to NSO’s clients at governments around the world. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping them off. The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim’s knowledge for as long as six months. Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click. This is the Holy Grail of surveillance capabilities and you are vulnerable until you update.Īpple Issues Emergency Security Updates to Close a Spyware Flaw New zero-click NSO Group #Pegasus spyware has been infecting iPhones, Macs, Watches. Nicole NEWS: Do you own an Apple product? UPDATE IT NOW.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |