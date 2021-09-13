



Apple has released a security update for a newly discovered zero-day vulnerability that affects all iPhones, iPads, Macs, and Apple Watches. Citizen Lab, which discovered the vulnerability and was credited with the discovery, is urging users to update their devices immediately.

The technology giant said iOS 14.8 for iPhone and iPad, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that “may have been actively exploited.”

Citizen Lab said it has discovered a new artifact of the ForcedEntry vulnerability. Details were first revealed in August as part of an investigation into a zero-day vulnerability used to silently hack an iPhone owned by at least one Bahraini activist.

Last month, Citizen Lab said the zero-day (so named because it gives companies zero days to deploy a fix) took advantage of a flaw in Apple's iMessage, which was exploited to push the Pegasus spyware, developed by the Israeli company NSO Group, to the activist's phone.

Pegasus provides government customers with near-complete access to their target devices, including personal data, photos, messages, and locations.

The breach was serious because the flaw exploited the latest iPhone software of the time, both iOS 14.4 and the later iOS 14.6, which Apple released in May. The vulnerability also broke through a new iPhone defense called BlastDoor that Apple built into iOS 14, which was supposed to prevent silent attacks by filtering potentially malicious code. Citizen Lab calls this particular exploit ForcedEntry because of its ability to circumvent Apple’s BlastDoor protection.

Citizen Lab said in its latest findings that it found evidence of the ForcedEntry exploit on the iPhone of a Saudi activist running the latest version of iOS. Researchers said the exploit took advantage of weaknesses in the way Apple devices render images on the display.

Citizen Lab now says that the same ForcedEntry exploit works on all Apple devices running what had been, until now, the latest software.

Citizen Lab said it reported the findings to Apple on September 7. Apple has pushed an update for the vulnerability, officially known as CVE-2021-30860. Citizen Lab said it attributes the ForcedEntry exploit to NSO Group with high confidence, citing evidence that it had not previously published.

Citizen Lab researcher John Scott-Railton told TechCrunch that messaging apps like iMessage are increasingly being targeted by nation-state hacking operations, and that this latest discovery highlights the challenges of protecting them.

When reached, Apple declined to comment. NSO Group declined to answer specific questions.

