Zero Day Vulnerability Tampering Every Device Has Now Been Patched By Apple

A new security update has been rolled out by Apple. This security update was released to counter the zero day vulnerability found by the Citizen Lab. This threat can tamper almost every iOS smartphone including iPhone, iPad and even other devices such as Apple Watch as well as Mac are not safe. This is why lately Citizen Lab had asked Apple’s users to immediately update their devices as soon as possible.According to the Silicon Valley’s Giant, the iOS 14.8 and other new updates are able to resist the security threat being observed in the devices. However these updates can only fix the most used vulnerability.Some recent artefacts were also found belonging to the Forced Entry Vulnerability as revealed by the research lab. This discovery was made in August during the study of the Zero day vulnerability that was used as a source to hack into the iPhone of an activist from Bahrain.While these artefacts of Forced Entry vulnerability were discovered back in August, the Citizen Lab also disclosed some basics behind the name Zero day Vulnerability, they told that this vulnerability would not even give a 24 hours to the companies under attack so they could find a solution. The vulnerability took its root from Apple’s iMessage and used the application for activating the spyware belonging to the Israeli based company, the NSO group. This Pegasus Spyware was pushed on the social activist’s mobile phone.This spyware is famous for providing full accessibility to the state of the target’s smart phone. The government will be accessible to their private information, private data, their pictures, conversations and even device’s location.This was a significant blow for the tech giant because both iOS 14.4 and iOS 14.6 were exploited and not only this even their defense system present in iPhone’s iOS 14 which was created to counter any hidden assault through filtering out any suspicious code could not stop Forced Entry from taking over.After a thorough research , the Citizen Lab unveiled that Forced Entry left some piece of evidence behind on an other activist’s smart device who had the latest iOS version installed. It was found that a weak spot was present in the process of pictures being displayed on an Apple’s gadget. The weak spot was used against the device.These details were then shared with Apple by Citizen Lab on 7th September and the threat was now officially named as CVE 2021 30860. The research company linked NSO with the Forced Entry Vulnerability with great self confidence based on the artefacts found by them.One of the research worker John Scott Railton, working at Citizen Lab told that Apple’s iMessage is a target application for most of the governmental hacking projects and thus these applications needs to get secured.Ivan Krstić, the head of architecture and security engineering department of Apple released a statement in response to the new fix and told that the new iOS 14.8 was upgraded to protect its users. He also appreciated the work carried by Citizen Lab in assisting them. He further added that such attacks were meant to be centered and are only targeted towards certain individuals and may range up to millions of dollars to develop, which means that a wide range of their users community is safe however, Apple aims to protect the data of all of its customers and will keep trying to add new security features on their devices.Creator: Drew Angerer / Credit: Getty ImagesRead next: Only A Few Companies Have The Proper Cyber Security System To Run File Uploads

Link to full article Share

September 14 2021 | Arooj Ahmed

https://www.digitalinformationworld.com/2021/09/zero-day-vulnerability-tampering-every.html