I’ve installed the new Apple updates. Have you?

From Zack Whittaker’s TechCrunch article “Apple patches an NSO zero-day flaw affecting all devices,” posted Monday and updated with Apple’s comment:

Last month, Citizen Lab said the zero-day flaw — named as such since it gives companies zero days to roll out a fix — took advantage of a flaw in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone…

In a brief statement, Apple’s head of security engineering and architecture Ivan Krstić confirmed the fix.

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” said Krstić.

My take: When Apple moves quickly to close a zero-day exploit, so do I.

4 Comments

  1. Adam Foster said:
    We all did the update last night…

    4
    September 14, 2021
  2. Gregg Thurman said:
    I did it this morning after reading about it here.

    4
    September 14, 2021
  3. Bart Yee said:
    Updated all iPhones, iPads and Watches. No Macs to update.

    4
    September 14, 2021
  4. I finished updating all Apple gear. Alas, NSO Group is probably finished with Pegasus 2.0. That son-of-a-Medusa!
    There was a brief period where we ran trials of similar software for Android and iOS at Ma Bell, some even developed overseas. We asked the customer seeking technical support if they agreed with us tunneling into their device; an Agree prompt then popped up. After they agreed, we were free to do anything inside their phone. There was a check box on our end to disable the Agree prompt, in case a customer was disabled. One by one we all realized all governments probably have this same software and use it frequently.
    Customers often had issues with photos stored. We would inevitably see some photos while trying to restore them. Trial Program cancelled shortly after a rep commented on a customer’s photos.

    5
    September 14, 2021
