![]() ![]() #APPLE IOS 14.7 UPDATE PDF#Apple quickly released the software updates patching the bug on September 13th, and thanked Citizen Lab in a statement for “completing the very difficult work of obtaining a sample of this exploit.”ĬoreGraphics’ PDF rendering seems to have been problematic recently when it comes to security. ( Apple’s update notes say that the issue occurred when processing a maliciously crafted PDF.) Citizen Lab suspected they could’ve been related to Pegasus, so it sent the files to Apple on September 7th. The files appeared to be GIFs sent as SMS attachments, but were actually PSDs and PDFs. According to Citizen Lab, they discovered files while re-analyzing a backup from an activist’s hacked phone. However, even with that info, it could be difficult to pin down exactly what was happening without access to the infected files themselves. At the time, the security researchers wrote that it was made possible by a bug in Apple’s CoreGraphics system, and happened when the phone tried to use a function related to GIFs, after it received a text message containing a malicious file. Citizen Lab also said the vulnerability, which it codenamed “ForcedEntry,” seemed to match the behavior of an exploit Amnesty International wrote about in July. We heard about the exploit in August, when Citizen Lab reported that it had been successfully used against phones running iOS 14.6 (released in May). Apple’s update page says it’s “aware of a report that this issue may have been actively exploited.” ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |