43F3E567-FFDF-97F2-5210965A481A0307
BE95A4E6-A3C1-4451-929CFB99DCA22FBA

In an effort to better communicate with the Hamilton College community of ongoing information security notices and alerts this Notices and Alerts page seeks provide information on cybersecurity activity targeted at the Hamilton Community and the broader higher education community. Awareness and education are the strongest defense to stop malicious activity and protect Hamilton's systems, data, and people. For any information security concerns contact infosec@hamilton.edu.

Apple's iOS 14.8 Pegasus security fix: All iPhone users urged to update immediately

Tags apple apple watch iphone mac

https://www.cnet.com/tech/services-and-software/apple-ios-14-8-pegasus-security-fix-all-iphone-users-urged-to-update-immediately/

Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. 

Read more: Check if your iPhone is infected with Pegasus spyware with this free tool

Citizen Lab, which is based at the University of Toronto, says it determined NSO used the vulnerability to remotely infect devices with its Pegasus spyware, adding that it believes that the exploit has been in use since at least February. It urged all Apple users to immediately update their operating systems.

"Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them," Citizen Lab said in a report. "As presently engineered, many chat apps have become an irresistible soft target."

News of the security update comes as Apple readies for one of its most important annual events, the fall rollout of new products. On Tuesday, the company is expected to take the wraps off new iPhones, iPads and Apple Watches. Concerns over the security of those products would likely affect sales. 

Read more: Watch iPhone 13 launch live: How to watch Apple's event today

Apple thanked Citizen Lab for providing a sample of the exploit, which the iPhone maker said wasn't a threat to most of its users.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Ivan Krstic, who runs Apple's security engineering and architecture operations, said in a statement. "While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data."

No comments yet.



All Entries

Contact

Jerry Tylutki

Information Security Officer

Help us provide an accessible education, offer innovative resources and programs, and foster intellectual exploration.

Site Search