Apple fixes eavesdropping vulnerability on iPhone

Dang Ngoc Duy

This vulnerability has existed for many years and has been fixed by Apple many times, but still not completely. Once a device is infected, the malicious code can secretly read encrypted messages, turn on the camera and microphone remotely, and continuously track the location of the iPhone or iPad.

Two iPhone models with rabbit ears screens. Photo: GSMArena

Apple didn’t elaborate in the update, but noted “messages containing malicious attachments could lead to arbitrary code execution.” However, according to cybersecurity researchers at Citizen Lab, the unit that discovered the vulnerability, the malicious code “is capable of compromising devices running the latest version of iOS 16.6 without requiring any interaction from the victim.”

Pegasus malware, developed by the Israeli company NSO, has been found on iPhones and iPads since early 2021. At that time, Amnesty International said it had found evidence of the iPhone 12 being attacked, causing 50,000 phone numbers to be leaked. Apple announced a patch later.

In September 2021, Apple released another emergency patch after Citizen Lab noticed that Pegasus was still in widespread use. The vulnerability was discovered during an examination of the iPhone of a social activist in Saudi Arabia and was later reported to Apple. At the same time, malicious code was also found on the phones of at least 5 French ministers.

In November 2021, Apple filed a lawsuit against NSO Group, requesting that NSO Group be permanently banned from using its software, services or devices.

Nearly a month later, according to Reuters, the iPhones of at least 9 US State Department employees were hacked using NSO Group’s spy software. The source said the attack “went on for several months”, and the victims were all US State Department officials working in Uganda and people related to East African countries. Some are identified by having an Apple ID using an email with the state.gov extension.

However, NSO Group is said to still be looking for ways to exploit vulnerabilities in Apple phones. According to FT, the two are playing “cat and mouse” and show no signs of stopping. NSO Group has not yet commented. However, the company has repeatedly asserted that its products are “only used to monitor potential terrorists and fight organized crime”, without admitting to eavesdropping.

In addition, the new patch also fixes another vulnerability affecting the Apple Wallet payment application.

Bao Lam (according to FT)
