IOS 14.8, Watchos 7.6.2 and MacOS 11.6 Watch a Pegasus flaw "Zero-day, Zero-Click" 🆕 |igeneration

IOS 14.8, Watchos 7.6.2 and MacOS 11.6 Watch a Pegasus flaw "Zero-day, Zero-Click" 🆕 |igeneration

Les mises à jour iOS 14.8, watchOS 7.6.2 et macOS 11.61 doivent être installées séance tenante : elles corrigent deux failles « zero day » qui ont été exploitées dans la nature, explique Apple dans la fiche d'assistance.iOS 14.8, watchOS 7.6.2 et macOS 11.6 bouchent une faille Pegasus « zero-day, zero-click » 🆕 | iGeneration iOS 14.8, watchOS 7.6.2 et macOS 11.6 bouchent une faille Pegasus « zero-day, zero-click » 🆕 | iGeneration

The CVE-2021-30860 flaw was reported by The Citizen Lab, which had spotted a very serious iOS flaw last month to infect an iPhone without user intervention ("Zero Click"), through messages.This vulnerability, baptized forcedentry, was notably used by NSO Group, a company that develops the Pegasus hooked that we have heard of (in bad) this summer.

Pegasus spy malware is always more efficient and used

iOS 14.8, watchOS 7.6.2 et macOS 11.6 bouchent une faille Pegasus « zero-day, zero-click » 🆕 | iGeneration

The Canadian lab reported the Faille to Apple on September 7, which assigned the CVE-2021-30860 code to it.The manufacturer explains that the operating mode of vulnerability requires the treatment of a malicious PDF which can cause the execution of arbitrary code.

According to Citizen Lab, Forcedentry has been exploited since at least February 2021.In March, the team examined the phone of a Saudi activist, and was able to determine that he had been infected with Pegasus with the method described by Apple (in this case, the malicious files received were GIFs whichactually hid a PDF file).

Last month, Apple indicated that IOS 15 was still going to strengthen iOS protections against these faults, which managed to get around Blastdoor, security introduced with iOS 14.

iOS 15: in Messages, additional protections against pegasus malware

Update 0:30 am - In a shared declaration to the US press, Apple confirms that the update corrects an imessing vulnerability reported by Citizen Lab.The manufacturer also resumes its usual verse on Pegasus, according to which attacks of this type are "highly sophisticated, they cost millions of dollars to develop, often have a short lifespan and are used to target specific individuals".

All this does not exempt Apple to do its job properly: "While these attacks do not concern the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we constantly add new protections for theirdevices and their data ».


  1. MacOS Catalina is also protected thanks to the 2021-005 security update, to be applied urgently so.↩︎

Tags: