{"id":22872,"date":"2023-09-08T06:30:08","date_gmt":"2023-09-08T14:30:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/09\/08\/news-16602\/"},"modified":"2023-09-08T06:30:08","modified_gmt":"2023-09-08T14:30:08","slug":"news-16602","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/09\/08\/news-16602\/","title":{"rendered":"Message to IT: Update all your Apple devices right away"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/02\/priority_high_priorities_importance_important_urgent_thinkstock_680720450-100749329-small.jpg\"\/><\/p>\n<p>Apple has pushed out an essential security update to defend against yet another attack by an out-of-control <a href=\"https:\/\/www.computerworld.com\/article\/3666688\/apple-slaps-hard-against-mercenary-surveillance-as-a-service-industry.html\">mercenary surveillance group<\/a>.<\/p>\n<p>Like a bad smell, NSO Group has clawed its way back into the spotlight with <a href=\"https:\/\/www.computerworld.com\/article\/3641261\/apple-pulls-no-punches-in-lawsuit-against-amoral-nso-group.html\">yet another unprincipled attack<\/a> against free speech and citizens&#8217; rights, as revealed by <a href=\"https:\/\/citizenlab.ca\/2023\/09\/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild\/\" rel=\"nofollow noopener\" target=\"_blank\">Citizen Lab<\/a>. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an \u201cIndividual employed by a Washington DC-based civil society organization with international offices.\u201d<\/p>\n<p>This attack, which is being used to deliver NSO Group\u2019s <a href=\"https:\/\/www.computerworld.com\/article\/3693691\/nso-group-returns-with-triple-ios-1516-zero-click-spyware-attack.html\">Pegasus mercenary spyware<\/a>, is deeply concerning as it can compromise iPhones running iOS 16.6 without requiring any interaction from the victim. The researchers explained the exploit involved <a href=\"https:\/\/developer.apple.com\/documentation\/walletpasses\/building_a_pass\" rel=\"nofollow noopener\" target=\"_blank\">PassKit\u00a0attachments<\/a>\u00a0containing malicious images sent via iMessage. The victim wasn\u2019t even required to look at this image.<\/p>\n<p>Citizen Lab alerted Apple to the attack and the company swiftly published a security update for all its devices to protect against it. Both companies confirm <a href=\"https:\/\/www.applemust.com\/how-to-use-lockdown-mode-on-your-iphone-ipad-and-mac\/\" rel=\"nofollow noopener\" target=\"_blank\">Lockdown Mode<\/a> will secure devices against such attack.<\/p>\n<p>Apple published support notes detailing the content of the latest security updates. Warning that these attacks may already be actively exploited, these reveal that \u201cprocessing a maliciously crafted image may lead to arbitrary code execution,\u201d and that this attack was also viable against Wallet.<\/p>\n<p>\u201cWe would like to acknowledge The Citizen Lab at The University of Toronto\u02bcs Munk School for their assistance,\u201d Apple said.<\/p>\n<p>\u201cIn this critical time for the future of democracy, the out-of-control mercenary spyware industry is directly undermining our core shared values, security and human rights,\u201d Citizen Labs Senior Researcher John Scott-Railton <a href=\"https:\/\/twitter.com\/jsrailton\/status\/1552412703209263106?s=20\" rel=\"nofollow noopener\" target=\"_blank\">warned\u00a0the US House Intelligence Committee<\/a>\u00a0last July.<\/p>\n<p>\u201cOnce more, civil society, is serving as the cybersecurity early warning system for&#8230;billions of devices around the world,\u201d he subsequently <a href=\"https:\/\/twitter.com\/jsrailton\/status\/1699871695337607471\" rel=\"nofollow noopener\" target=\"_blank\">warned\u00a0on the latest attack<\/a>.<\/p>\n<p>These attacks are proliferating, the number of companies launching them is increasing, and researchers believe it is inevitable these dangerous exploits will eventually be used by criminals, <a href=\"https:\/\/www.computerworld.com\/article\/3694875\/apple-platform-security-and-the-next-big-war.html#tk.rss_all\">threatening every aspect of civil society<\/a>.<\/p>\n<p>There is a security war that must be fought. Apple has already patched 13 actively exploited zero-day vulnerabilities so far this year.\u00a0The time for complacency with Apple security is gone.<\/p>\n<p>With this in mind, it\u2019s important to adopt a less casual stance to device security.<\/p>\n<p>The mercenaries who create and profit from these attacks like to claim they only work for legitimate governments. If that\u2019s the case, it is strange that civil society advocates across the planet are regularly being targeted.<\/p>\n<p>In other words, far from being found in action against a criminal or military target, this particular attack was being made against someone fighting for civil rights in some way. That is not at all reassuring.<\/p>\n<p>Particularly in light of a <a href=\"https:\/\/t.co\/Bt5poleuCj\" rel=\"nofollow noopener\" target=\"_blank\">recent investigation by the Polish government<\/a>, which found \u201cgross violations of constitutional standards\u201d when the NSO Group\u2019s Pegasus surveillance software was used against opposition leaders. These clearly aren\u2019t the good guys they pretend to be.<\/p>\n<p>In general, such attacks are described as being more likely to take place against high-value targets, as they can be costly to mount. But it is inevitable that attacks of this kind will proliferate and enter the realm of mainstream digital criminality.<\/p>\n<p>It is essential this egregious and amoral sham \u201cindustry\u201d is <a href=\"https:\/\/www.computerworld.com\/article\/3665052\/the-surveillance-as-a-service-industry-needs-to-be-brought-to-heel.html\" rel=\"noopener\" target=\"_blank\">bought to heel<\/a>.<\/p>\n<p><em>Please follow me on\u00a0<a href=\"https:\/\/social.vivaldi.net\/@jonnyevans\" rel=\"nofollow noopener\" target=\"_blank\">Mastodon<\/a>, or join me in the\u00a0<a href=\"https:\/\/mewe.com\/join\/appleholics_bar_and_grill\" rel=\"nofollow noopener\" target=\"_blank\">AppleHolic\u2019s bar &amp; grill<\/a>\u00a0and\u00a0<\/em><a href=\"https:\/\/mewe.com\/join\/apple_discussions\" rel=\"nofollow noopener\" target=\"_blank\"><em style=\"font-weight: inherit;\">Apple<\/em>\u00a0<em style=\"font-weight: inherit;\">Discussions<\/em><\/a><em>\u00a0groups on MeWe.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3706468\/message-to-it-update-all-your-apple-devices-right-away.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/02\/priority_high_priorities_importance_important_urgent_thinkstock_680720450-100749329-small.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>Apple has pushed out an essential security update to defend against yet another attack by an out-of-control <a href=\"https:\/\/www.computerworld.com\/article\/3666688\/apple-slaps-hard-against-mercenary-surveillance-as-a-service-industry.html\">mercenary surveillance group<\/a>.<\/p>\n<p>Like a bad smell, NSO Group has clawed its way back into the spotlight with <a href=\"https:\/\/www.computerworld.com\/article\/3641261\/apple-pulls-no-punches-in-lawsuit-against-amoral-nso-group.html\">yet another unprincipled attack<\/a> against free speech and citizens&#8217; rights, as revealed by <a href=\"https:\/\/citizenlab.ca\/2023\/09\/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild\/\" rel=\"nofollow noopener\" target=\"_blank\">Citizen Lab<\/a>. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an \u201cIndividual employed by a Washington DC-based civil society organization with international offices.\u201d<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3706468\/message-to-it-update-all-your-apple-devices-right-away.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,10403,10554,714,24580],"class_list":["post-22872","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-macos","tag-mobile","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22872"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22872\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22872"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}