Apple fixes security flaw that left users vulnerable to spyware attacks



Apple issued an emergency software update after cybersecurity researchers said they had discovered a new vulnerability that allowed hackers to deploy the spyware tool of Israeli company NSO through iMessage.

The iPhone manufacturer released the patch after researchers at Citizen Lab at the University of Toronto discovered the vulnerability after analyzing the iPhone of a Saudi activist infected with spyware developed by NSO.

According to Citizen Lab, the vulnerability allowed hackers to access the target's iPhone, Mac computer or Apple Watch through iMessage without the user clicking on a malicious link. Researchers call this vulnerability “FORCEDENTRY”, and it is known as a “zero click” attack.

The report added that military spyware manufacturer NSO has “utilized the vulnerability to remotely exploit and infect the latest Apple devices” with its spyware Pegasus “from at least February 2021”.

NSO develops and sells its exploits to government agencies as off-the-shelf software. It was established in 2010 and gained fame in 2019, when it was reported that the organization could call users through WhatsApp and “drop” the malware’s “payload” onto unsuspecting iPhones and Android phones.

In July, NSO’s Pegasus was connected to cell phones belonging to dozens of journalists, human rights activists and politicians, according to an investigation by a newspaper consortium. Civil rights activists stated that the software, which requires permission from the Israeli government to be exported because it is considered a weapon, can be used for illegal surveillance, not just by certain governments targeting terrorists and criminals.

The company said in a statement on Monday: “NSO Group will continue to provide life-saving technologies to intelligence and law enforcement agencies around the world to combat terrorism and crime.”

Citizen Lab stated that it found another previously unknown vulnerability in Apple hardware, “this shows that the company… The profitable and harmful market is regulated.”

Apple stated that it released the patch because “processing a maliciously crafted PDF may lead to arbitrary code execution.” It said it “knows of a report that the problem may have been actively exploited.”

In addition, Apple’s head of security engineering and architecture, Ivan Krstić, said in a statement that “attacks as described are very complex, cost millions of dollars in development, usually have a short shelf life, and are used to target specific individuals,” and added that they “are not a threat to the vast majority of our users.”

However, this news may further weaken the image of iOS as a safer operating system than Android. Apple has long emphasized that no system is 100% safe from hacker attacks.

Citizen Lab stated that chat applications in particular have become “the main target of the most sophisticated threat actors, including nation-state espionage and the hired spyware companies that provide services for them.”
