You may have heard about the ongoing Pegasus hack that affected iOS. AppleInsider now reports that Apple has issues patches and updates to older versions of iOS and macOS for three zero-day vulnerabilities that were reportedly exploited by the infamous Pegasus spyware.
iOS 12.5.5 contains a fix for a CoreGraphics flaw that could be exploited
The mentioned above CoreGraphics flaw allowed malicious users to execute code on a device through maliciously created PDF files. It is possible this vulnerability has been exploited in the wild, according to a support document by Apple.
The affected iPhone and iPad models are older ones: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3. The zero-day vulnerability was discovered by Citizen Lab, a laboratory at the University of Toronto's Munk School of Global Affairs. Because of the involvement of Citizen Lab, it is possible that NSO used that vulnerability for its Pegasus spyware tool.
Citizen Lab has been actively following NSO and the impact it has on human rights and the global political landscape. So far, the initiative has discovered multiple zero-day vulnerabilities connected to the way the Pegasus malware achieved its purposes. Allegedly, the Pegasus spyware was used by authoritative governments to gain access and surveil iPhones of journalists, activists, government officials, and other people.
The Pegasus malware is sometimes deployed as a zero-click attack. Back in the summer, there was a reported case of bypassing Apple's security protocols in Messages and using the Pegasus spyware on a Bahraini human rights activist's iPhone 12 Pro. Apple hurried to release a fix for the impacted iOS 14 version in September. Separate attacks have been reported using Photos and Apple Music.
What is the Pegasus spyware, zero-day vulnerability, and how to fix it?
Back in August, a report by the Washington Post and 16 media partners have made the startling discovery that the phones of 37 journalists and human rights activists had been either attempted to or successfully hacked by an Israeli surveillance firm. The firm was the NSO.
Recommended Stories
The Pegasus spyware was able to read text messages, track calls, collect passwords, track location, access the victim's microphone and camera, and get information from apps installed on the hacked device.
A zero-day vulnerability is basically a very major vulnerability that's known to hackers but unknown to the developers. That's where the name zero-day comes from, as in the developer get zero days to fix the issue and release a patch. The zero-day vulnerability can become a zero-day attack when a malicious user directly exploits the vulnerability and the developer has no way of preventing it.
It seems the Pegasus spyware was reportedly using several of such vulnerabilities which Apple has now patched and can no longer be used.
Recently, we reported on the fact that not only highly authoritative governments use the Pegasus tool. Germany has admitted to purchasing NSO's spyware, but the country claimed it was used only in accordance with its very strict laws on privacy.
Officials from Germany's Federal Criminal Police office have only activated certain functions of the Pegasus software against known criminals and have respected the country's privacy laws. However, it is unclear what restrictions on the spyware have been put in place and whether they were effective. There's also no information about how often Pegasus was used and against whom.
The zero-day vulnerability has to be fixed by the developer. What you can do is, if you have one of the older iPhones or iPads listed here above, make sure to download and install iOS version 12.5.5. For the newer phones that are on iOS 14, Apple has already released a fix that patches such two zero-day vulnerabilities. If you have skipped it, we strongly suggest you install iOS version 14.8 and iPadOS 14.8 to secure your iPhone or iPad.
Izzy, a tech enthusiast and a key part of the PhoneArena team, specializes in delivering the latest mobile tech news and finding the best tech deals. Her interests extend to cybersecurity, phone design innovations, and camera capabilities. Outside her professional life, Izzy, a literature master's degree holder, enjoys reading, painting, and learning languages. She's also a personal growth advocate, believing in the power of experience and gratitude. Whether it's walking her Chihuahua or singing her heart out, Izzy embraces life with passion and curiosity.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: