Lucene search

K
hiveproHive ProHIVEPRO:433978802EA1E557CC5202EE1014E67B
HistorySep 16, 2021 - 1:49 p.m.

Apple fixes the zero-day vulnerabilities exploited by Pegasus spyware named “FORCEDENTRY”

2021-09-1613:49:19
Hive Pro
www.hivepro.com
35

THREAT LEVEL: Red.

For a detailed advisory, download the pdf file here.

Two actively exploited vulnerabilities (CVE-2021-30858 and CVE-2021-30860) have been fixed in Apple's iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 releases. The NSO group carried out the attack by simply sending a malicious text message which were actually Adobe PSD files that crashed the iMessage component responsible for automatically rendering images and then deployed the Pegasus surveillance tool. Users of Apple's iPhone, iPad, Mac, and Apple Watch should update their software right away to avoid any potential hazards resulting from active exploitation of the holes.

Vulnerability Details

CVE ID Affected CPEs Vulnerability Name
CVE-2021-30858 cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:ipados:::::::: Arbitrary code execution
CVE-2021-30860 cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os:::::::*:
cpe:2.3:o:apple:mac_os_x::::::::
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020::::::
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004::::::
cpe:2.3:o:apple:watchos::::::::
cpe:2.3:o:apple:macos:::::::: Integer overflow leading to arbitrary code execution.

Threat Actor

Name|Known as|Origin|Target Locations|Target|
—|—|—|—|—|—
NSO group| Pegasus spyware| Israel| Worldwide| Surveillance, Financial gain|

Patch Links

<https://support.apple.com/en-us/HT212804&gt;

<https://support.apple.com/en-us/HT212805&gt;

<https://support.apple.com/en-us/HT212806&gt;

<https://support.apple.com/en-us/HT212807&gt;

References

<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html&gt;

<https://arstechnica.com/information-technology/2021/09/apple-fixes-imessage-zero-day-exploited-by-pegasus-spyware/&gt;