
Nevilledog

(51,034 posts)
Mon Sep 13, 2021, 03:58 PM

Apple Issues Emergency Security Updates to Close a Spyware Flaw



Tweet text:
Nicole Perlroth
@nicoleperlroth
BIG NEWS: Do you own an Apple product? UPDATE IT NOW. New zero-click NSO Group #Pegasus spyware has been infecting iPhones, Macs, Watches. This is the Holy Grail of surveillance capabilities and you are vulnerable until you update.

Apple Issues Emergency Security Updates to Close a Spyware Flaw
Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click.
nytimes.com
12:15 PM · Sep 13, 2021



https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html

*snip*

The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim’s knowledge for as long as six months. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping them off.

Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record their messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send it back to NSO’s clients at governments around the world.

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.

In the past, victims only learned their devices were infected by spyware after receiving a suspicious link texted to their phone or email. But NSO Group’s zero-click capability gives the victim no such prompt, and enables full access to a person’s digital life. These capabilities can fetch millions of dollars on the underground market for hacking tools.

*snip*


Apple Issues Emergency Security Updates to Close a Spyware Flaw (Original Post) Nevilledog Sep 2021 OP
More (no paywall) Nevilledog Sep 2021 #1
Thanks! 50 Shades Of Blue Sep 2021 #2
Downloading it now! There's no alert on the phone but click on settings and updates, hedda_foil Sep 2021 #3
Funnily enough, they're revealing iOS 15 tomorrow Sympthsical Sep 2021 #4
Glad I came across this... updating now! secondwind Sep 2021 #5
Can you update iPhone without wifi? LibinMo Sep 2021 #6
Not sure....did see this though Nevilledog Sep 2021 #7
Alas, this patch is not available for the iPhone 6 /nt wackadoo wabbit Sep 2021 #8

Nevilledog

(51,034 posts)
1. More (no paywall)
Mon Sep 13, 2021, 04:02 PM






https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/


Summary

While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.

We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.

The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”

Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge readers to immediately update all Apple devices.

Devices affected by CVE-2021-30860 per Apple:
All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.

*snip*


Sympthsical

(9,041 posts)
4. Funnily enough, they're revealing iOS 15 tomorrow
Mon Sep 13, 2021, 05:01 PM

Also the iPhone 13 and Apple Watch 7.

Which is nice, as I need the phone upgrade. I may or may not have run my 11 over with my car. It somehow still works just fine, but it's a little smashed up. Just been waiting on the 13 to upgrade.

We will not discuss *how* I ran over it with my car.

(left it on the roof, pulled out and it fell, smooshed when I pulled back in)

Nevilledog

(51,034 posts)
7. Not sure....did see this though
Mon Sep 13, 2021, 07:56 PM




Tweet text:
Nicole Perlroth
@nicoleperlroth
Will have a helpful "How To" slide up soon, but for those asking how to/what to update to, here's a little guide I sent my mom.

1. Make sure you update to the following: iPhones/iPads should be 14.8; Mac computers to 11.6 and Apple Watches should be 7.6.2.

2. For Mac users:
Click on the little Apple icon in the top left corner of your computer.
Click on System Preferences.
Click Software Update.
See if you have updated to the latest Mac OS, which should be OSX Big Sur 11.6.
Click "Update Now."

3. For iPhones/iPads:
Go to Settings.
Click General.
Click Software Update.
Make sure your device is plugged in or has at least 50% battery life.
Update to iOS 14.8 by clicking “Install Now.”
Have a glass of water. It can take a while.
3:27 PM · Sep 13, 2021