

Meta said it received 21,700 emergency requests from January to June 2021 globally and provided some data in. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. According to its report, Apple provided data in response to 93 of those requests. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Reached out for comment, Apple provided the following statement after several news publications blew the zero-day's severity out of proportion. After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. These two zero-days represent the 14th and 15th zero-days Apple has patched this year. Patches for this zero-day were released for macOS, iOS, and iPadOS. Reported by an anonymous researcher, this bug impacts Safari's WebKit browser engine and was also abused in the wild, but details about its exploitation have not been revealed.

In addition, Apple's security updates today also include a patch for a second zero-day, tracked as CVE-2021-30858. In its August report, Citizen Lab said that NSO Group appears to have specifically developed ForcedEntry as a way to bypass a new security feature called BlastDoor that Apple added in iOS 14 in the fall of 2020. The researchers said they believe the exploit has been used in attacks since at least February this year. In reports published in August and earlier today, Citizen Lab researchers said they found ForcedEntry deployed on the iPhones of activists in Bahrain and Saudi Arabia.
When weaponized, ForcedEntry allows NSO customers to send maliciously crafted PDF files to a victim's Apple device and run malicious code that takes over their systems. Citizen Lab, a political, human rights, and cybersecurity research center at the University of Toronto, was credited with discovering this zero-day. Tracked as CVE-2021-30860, the ForcedEntry zero-day exploits a bug in CoreGraphics, an Apple component for drawing 2D graphics. Patches are available today for macOS, iOS, iPadOS, and watchOS.

Apple releases patches for NSO Group's ForcedEntry zero-day

Apple has released security updates today to patch ForcedEntry, a professional exploit developed by Israeli spyware maker NSO Group, and which has been abused to hack into the phones of multiple activists since February this year.
