Zero day, Zero-Click Pegasus vulnerability plug in iOS 14.8, WatchOS 7.6.2 and MacOS 11.6

Updates iOS 14.8, WatchOS 7.6.2 And Magos 11.6 ^{Should be installed immediately: they fix two “zero day” flaws exploited in nature, Apple explains Help sheet.}

The CVE-2021-30860 defect was reported by The Citizen Lab Discovered last month The most serious iOS flaw that allows an iPhone to be compromised without user intervention (“zero click”) by messages. This vulnerability called FORCEDENTRY, especially used by the NSO Group, is (badly) creating the Pegasus cookie we heard so much about this summer.

The Canadian laboratory reported a defect to Apple on September 7, which provided the code CVE-2021-30860. The manufacturer explains that the vulnerable operating system involves processing the malicious PDF, which can lead to the implementation of arbitrary code.

According to Citizen Lab, FORCEDENTRY is Exploited At least since February 2021. In March, the team tested the Saudi activist’s phone and determined that it was infected with Pegasus using the method described by Apple (in this case, the malicious files actually hid a PDF file of GIFs).

Last month, Apple pointed out that iOS 15 would further strengthen iOS’s protection against these vulnerabilities, which would bypass the Plaster. Security introduced with iOS 14.

Update 0h30 – In a report shared with US newspapers, Apple confirms that the update fixes the iMessage vulnerability announced by Citizen Lab. The builder takes his usual verse in the Pegasus, according to which this type of attacks ” Sophisticated, they cost millions of dollars to build, often have a short lifespan, and are used to target specific individuals .

All of this does not preclude Apple from doing its job properly: ” Although these attacks do not affect the majority of our users, we continue to work tirelessly to protect all of our customers, and we continue to add new security features to their devices and data. .