Security

Update your Apple Device's

Apple urges its users to update all their Apple products, iPhones, iPods, Watches and Mac's immediately to protect themselves against a zero-day exploit disclosed yesterday.

Nexthost

3 min read
Update your Apple Device's
CVE-2021-30860 Pegasus

Apple has urged its users to update all their Apple Products including iPhones, iPads, iPods and Watches

Apple has released security updates to fix two zero-day vulnerabilities that have now been exploited in the wild. These affect almost all Apple products.

Despite the increased amount of attacks against iOS devices, Apple users are generally under the misconception that Apple products are not vulnerable to Malware attacks and have adopted a false sense of security with regards to their devices.

Unfortunately, this is not necessarily the case and is giving many iOS users a false sense of security.

What makes this even more dangerous is how it is exploited, which is a simple but malicious SMS disguised as a PDF, and, once opened a hacker may be able to operate your camera, microphone and access your pictures, documents and other sensitive data without your knowledge.

The vulnerabilities CVE-2021-30858, & CVE-2021-30860, codename Pegasus for coolness, both allow a maliciously crafted document to execute commands without the user's knowledge. It is alleged that CVE-2021-30858 has been actively exploited since January 2021. Apple's response was to implement a security feature called iOS BlastDoor; however, this ironically didn't seem to make much difference.

Apple has been inundated by zero-day vulnerabilities over the year 2021, and, true to their word they don't supply much information to the public; however, a security patch have been released to the public.

If you have not already updated your Apple products, we highly recommend doing so as soon a possible, and another reminder to always be vigilant when opening anything sent to you that you unless you are 100% sure that it is safe.

If you have not already updated your Apple products, we highly recommend doing so as soon as possible. Always remember to take care when opening unknown emails and messages. If you are not sure it's legitimate, ask someone.

If you believe you may be compromised, we recommend performing a full factory wipe of the device(s) and consult an expert as soon as possible.

CVE -CVE-2021-30860
CVE® is a list of records — each containing an identification number, a description, and at least one public reference — for publicly known cybersecurity vulnerabilities. The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
CVE-2021-30860
CVE Program
About the security content of Security Update 2021-005 Catalina
This document describes the security content of Security Update 2021-005 Catalina.
Apple Support
Apple security updates
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab
While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.
The Citizen LabBill Marczak
The Citizen Lab