Geeks for your information
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day (/showthread.php?tid=15680)



Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day - silversurfer - 23 July 21

Quote:iPhone users, drop what you’re doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS.
 
Unfortunately, you aren’t getting a fix for the flaw that makes your iPhones easy prey for Pegasus spyware. As headlines have focused on all week, a zero-click zero-day in Apple’s iMessage feature is being exploited by NSO Group’s notorious Pegasus mobile spyware: A spyware blitz enabled by a bug that has given the security community pause about the security of Apple’s closed ecosystem.
 
The patches address a total of 40 vulnerabilities, 37 of which are in iPhones. The most severe of the flaws could allow for arbitrary code execution with kernel or root privileges. See below for a full list of the vulnerabilities and their details.
 
Besides fixing other, non-Pegasus-associated vulnerabilities in iOS and iPadOS, Wednesday’s security updates also squashed bugs in macOS Big Sur 11.5 and in macOS Catalina.
 
Fortunately, as of now, there are no reports of these vulnerabilities being exploited in the wild. But as noted by MS-ISAC, the Multi-State Information Sharing and Analysis Center, the risk to large and medium-sized government and business entities is rated high. The flaws are rated medium-risk for small business or government entities, while the risk to home users is considered low.

Read more: Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day | Threatpost