Apple Issues Emergency Security Updates to Close a Spyware Flaw
Nicole Perlroth
@nicoleperlroth
BIG NEWS: Do you own an Apple product? UPDATE IT NOW. New zero-click NSO Group #Pegasus spyware has been infecting iPhones, Macs, Watches. This is the Holy Grail of surveillance capabilities and you are vulnerable until you update.
Apple Issues Emergency Security Updates to Close a Spyware Flaw
Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click.
nytimes.com
12:15 PM · Sep 13, 2021
https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html
*snip*
The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim's knowledge for as long as six months. Known as a "zero click remote exploit," it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim's device without tipping them off.
Using the zero-click infection method, Pegasus can turn on a user's camera and microphone, record their messages, texts, emails, calls (even those sent via encrypted messaging and phone apps like Signal) and send it back to NSO's clients at governments around the world.
"This spyware can do everything an iPhone user can do on their device and more," said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.
In the past, victims only learned their devices were infected by spyware after receiving a suspicious link texted to their phone or email. But NSO Group's zero-click capability gives the victim no such prompt, and enables full access to a person's digital life. These capabilities can fetch millions of dollars on the underground market for hacking tools.
*snip*
Apple Issues Emergency Security Updates to Close a Spyware Flaw (Original Post), Nevilledog, Sep 2021
Reply #3: Downloading it now! There's no alert on the phone but click on settings and updates, (hedda_foil, Sep 2021)
Nevilledog
(51,034 posts) 1. More (no paywall)
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Summary
While analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple's image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.
We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.
The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as "processing a maliciously crafted PDF may lead to arbitrary code execution."
Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge readers to immediately update all Apple devices.
Devices affected by CVE-2021-30860 per Apple:
All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.
*snip*
50 Shades Of Blue
(9,930 posts) 2. Thanks!
hedda_foil
(16,371 posts) 3. Downloading it now! There's no alert on the phone but click on settings and updates,
It's there.
Sympthsical
(9,041 posts) 4. Funnily enough, they're revealing iOS 15 tomorrow
Also the iPhone 13 and Apple Watch 7.
Which is nice, as I need the phone upgrade. I may or may not have run my 11 over with my car. It somehow still works just fine, but it's a little smashed up. Just been waiting on the 13 to upgrade.
We will not discuss *how* I ran over it with my car.
(left it on the roof, pulled out and it fell, smooshed when I pulled back in)
secondwind
(16,903 posts) 5. Glad I came across this... updating now!
LibinMo
(533 posts) 6. Can you update iPhone without wifi?
Son says his iPhone requires a wifi connection to update
Nevilledog
(51,034 posts) 7. Not sure....did see this though
Nicole Perlroth
@nicoleperlroth
Will have a helpful "How To" slide up soon, but for those asking how to/what to update to, here's a little guide I sent my mom.
1. Make sure you update to the following: iPhones/iPads should be 14.8; Mac computers to 11.6 and Apple Watches should be 7.6.2.
2. For Mac users:
Click on the little Apple icon in the top left corner of your computer.
Click on System Preferences.
Click Software Update.
See if you have updated to the latest Mac OS, which should be OSX Big Sur 11.6.
Click "Update Now."
3. For iPhones/iPads:
Go to Settings.
Click General.
Click Software Update.
Make sure your device is plugged in or has at least 50% battery life.
Update to iOS 14.8 by clicking Install Now.
Have a glass of water. It can take a while.
3:27 PM · Sep 13, 2021
wackadoo wabbit
(1,164 posts) 8. Alas, this patch is not available for the iPhone 6 /nt