The company on Monday pushed out emergency security updates for iOS, macOS, and its other operating systems to plug a hole that threatened security on a range of devices.


Apple has issued emergency security updates for iOS, macOS and its other operating systems to plug a hole that Canadian researchers claimed had been planted on a Saudi political activist's device by NSO Group, an Israeli seller of spyware and surveillance software to governments and their security agencies.

Updates to patch the under-active-exploit vulnerability were released for iOS 14; macOS 11 and 10, aka Big Sur and Catalina, respectively; iPadOS 14; and watchOS 7.

According to Apple, the vulnerability can be exploited by "processing a maliciously crafted PDF," which "may lead to arbitrary code execution." The phrase "arbitrary code execution" is Apple's way of saying that the bug was of the most serious nature; Apple does not rank the threat level of vulnerabilities, unlike operating system rivals such as Microsoft and Google.

Apple credited The Citizen Lab for reporting the flaw.

Also on Monday, Citizen Lab, a cybersecurity watchdog organisation that operates from the Munk School of Global Affairs & Public Policy at the University of Toronto, released a report outlining what it found. "While analysing the phone of a Saudi activist infected with NSO Group's Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage," Citizen Lab researchers wrote.

The exploit, which Citizen Lab dubbed "FORCEDENTRY," had been used to infect the phone of the activist — and possibly others as far back as February 2021 — with NSO Group's "Pegasus" surveillance suite. Pegasus, in turn, consists largely of spyware that can document texts and emails sent to and from the device as well as switch on its camera and microphone for secret recording.

Citizen Lab was confident that FORCEDENTRY was associated with Pegasus and thus with NSO Group. According to researchers, the spyware loaded by the zero-click exploit contained coding characteristics, including ones never made public, that Citizen Lab had come across in previous analysis of NSO Group and Pegasus.

"Despite promising their customers the utmost secrecy and confidentiality, NSO Group's business model contains the seeds of their ongoing unmasking," Citizen Lab's researchers wrote in their Monday report. "Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations."

Apple device owners can download and install the security-only updates issued Monday by triggering a software update through the device's OS.
