Apple has issued a security advisory addressing two zero-day flaws in iOS/macOS, identified as CVE-2021-30860 and CVE-2021-30858. Both have already been exploited by threat actors in active attacks.
More on the Vulnerabilities –
According to a new Apple alert, the company has patched two recent zero-day vulnerabilities that were used to spread Pegasus (by NSO Group) on Bahraini activists’ iPhones. A new exploit called FORCEDENTRY took advantage of these weaknesses (CVE-2021-30860).
- Citizen Lab uncovered the first vulnerability, CVE-2021-30860, which is an integer overflow issue. It was fixed with improved input validation.
- An unknown researcher disclosed the second vulnerability (CVE-2021-30858), which is a use-after-free bug. The vulnerability could be used to gain control of an affected device.
- Researchers discovered that the FORCEDENTRY exploit may be used to circumvent iOS’s BlastDoor sandbox, which was launched eight months ago.
The recent attack –
Researchers from Citizen Lab uncovered two zero-click iMessage exploits (FORCEDENTRY and KISMET) used to spread Pegasus spyware in Bahrain last month.
- The iPhones of nine activists from the Bahrain Center for Human Rights, Al Wefaq, and Waad were targeted in the attack.
- The attack was carried out by a threat actor known as LULU, who is suspected of having ties to Bahrain’s government.
Spyware that exploits zero-day vulnerabilities, such as Pegasus, can have severe consequences, as it not only compromises the privacy of victims but also threatens national security. While organizations routinely patch identified vulnerabilities, experts believe that restricting the usage of spyware like this could help to prevent some of these cyber-attacks.
To read more, please check eScan Blog