Apple has fixed a security flaw with Today’s release of iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and macOS 11.6.
The flaw was discovered by Citizen Lab, a cyber research arm of the University of Toronto, detailed on Monday, involving the company’s Messages app.
“Processing a maliciously crafted PDF can lead to arbitrary code execution. Apple is aware of a report indicating that this issue may have been actively exploited. ” said the iPhone manufacturer’s document on patches fixed today.
Citizen Lab said the flaw allowed Israel’s NSO Group to use its Pegasus malware to exploit Apple devices. Just by receiving the PDF, victims could have their phones compromised. The security flaw was used by the Pegasus malware to gain access to the Apple device of a Saudi activist, Citizen Lab said.
“NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to combat terrorism and crime,” the company said in a statement. Bloomberg. The Israeli firm has been criticized numerous times by cyber researchers for its role in helping regimes break into the phones of journalists and activists.
Apple says that Messages exploits “is not a threat to the vast majority of our users” and that it is working on new protections. He also thanks Citizen Lab for obtaining a sample of the exploit and for their help in fixing the problem. https://t.co/aC6Yk28KzV pic.twitter.com/J0iI1egIVm
– Mark Gurman (@markgurman) September 13, 2021
Update September 12: You can read Apple’s statement on the above matter according to @MarkGurman.