TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentralTechCentral
    NEWSLETTER
    • News

      Analysis | Rain muddies the waters with approach to Telkom

      11 August 2022

      Rain wants to merge with Telkom: asks to pitch proposal to board

      11 August 2022

      Rain lashed by Takeover Regulation Panel over Telkom statement

      11 August 2022

      Largest SA telecoms operators launch new industry association

      11 August 2022

      MTN shares climb on robust Nigeria, SA performance

      11 August 2022
    • World

      Gaming industry’s fortunes fade as pandemic ends

      11 August 2022

      Disney tops Netflix in streaming subscribers

      11 August 2022

      Jumia says it’s past peak losses, shares jump

      10 August 2022

      Elon Musk sells $6.9-billion of Tesla to avoid Twitter fire sale

      10 August 2022

      Nvidia issues profit warning on slump in demand for graphics cards

      8 August 2022
    • In-depth

      African unicorn Flutterwave battles fires on multiple fronts

      11 August 2022

      The length of Earth’s days has been increasing – and no one knows why

      7 August 2022

      As Facebook fades, the Mad Men of advertising stage a comeback

      2 August 2022

      Crypto breaks the rules. That’s the point

      27 July 2022

      E-mail scams are getting chillingly personal

      17 July 2022
    • Podcasts

      Qush on infosec: why prevention is always better than cure

      11 August 2022

      e4’s Adri Führi on encouraging more women into tech careers

      10 August 2022

      How South Africa can woo more women into tech

      4 August 2022

      Book and check-in via WhatsApp? FlySafair is on it

      28 July 2022

      Interview: Why Dell’s next-gen PowerEdge servers change the game

      28 July 2022
    • Opinion

      SIU seeks to set aside R215-million IT tender

      19 July 2022

      No reason South Africa should have a shortage of electricity: Ramaphosa

      11 July 2022

      Ntshavheni’s bias against the private sector

      8 July 2022

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Sections»Information security»Update your iPhone and Mac now: Serious security flaw uncovered

    Update your iPhone and Mac now: Serious security flaw uncovered

    Information security By Agency Staff14 September 2021
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    A cybersurveillance company in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, Internet security watchdog group Citizen Lab said.

    The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple’s iOS, macOS and watchOS, except for those updated on Monday.

    The tool developed by the Israeli firm, named NSO Group, defeats security systems designed by Apple in recent years. Apple said it fixed the vulnerability in Monday’s software update, confirming Citizen Lab’s finding.

    Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users

    “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.

    “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” he added.

    Spyware

    An Apple spokesman declined to comment on whether the hacking technique came from NSO Group.

    In a statement, NSO did not confirm or deny that it was behind the technique, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”.

    Citizen Lab said it found the malware on the phone of an unnamed Saudi activist and that the phone had been infected with spyware in February. It is unknown how many other users may have been infected.

    The intended targets would not have to click on anything for the attack to work. Researchers said they did not believe there would be any visible indication that a hack had occurred.

    Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority

    The vulnerability lies in how iMessage automatically renders images. iMessage has been repeatedly targeted by NSO and other cyber arms dealers, prompting Apple to update its architecture. But that upgrade has not fully protected the system.

    “Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority,” said Citizen Lab researcher John Scott-Railton.

    Citizen Lab said multiple details in the malware overlapped with prior attacks by NSO, including some that were never publicly reported. One process within the hack’s code was named “setframed”, the same name given in a 2020 infection of a device used by a journalist at Al Jazeera, the researchers found.

    “The security of devices is increasingly challenged by attackers,” said Citizen Lab researcher Bill Marczak.

    A record number of previously unknown attack methods, which can be sold for US$1-million or more, have been revealed this year. The attacks are labelled “zero-day” because software companies had zero days’ notice of the problem.

    Along with a surge in ransomware attacks against critical infrastructure, the explosion in such attacks has stoked a new focus on cybersecurity in the White House as well as renewed calls for regulation and international agreements to rein in malicious hacking.

    The FBI has been investigating NSO, and Israel has set up a senior interministerial team to assess allegations that its spyware has been abused on a global scale.

    Although NSO has said it vets the governments it sells to, its Pegasus spyware has been found on the phones of activists, journalists and opposition politicians in countries with poor human rights records.  — Reported by Christopher Bing and Joseph Menn, (c) 2021 Reuters

    Apple Citizen Lab NSO Group
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleHow technology is transforming the customer experience in SA
    Next Article China aims for ‘civilised’ Internet with focus on ‘socialist values’

    Related Posts

    Analysis | Rain muddies the waters with approach to Telkom

    11 August 2022

    Rain wants to merge with Telkom: asks to pitch proposal to board

    11 August 2022

    Rain lashed by Takeover Regulation Panel over Telkom statement

    11 August 2022
    Add A Comment

    Comments are closed.

    Promoted

    Pricing Beyond CMYK: printers answer the FAQs

    11 August 2022

    How secure is your cloud?

    10 August 2022

    5 ways to make attack-path management more manageable

    10 August 2022
    Opinion

    SIU seeks to set aside R215-million IT tender

    19 July 2022

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.