Security News > 2023 > September > Microsoft Confronts China-based Storm-0558, Apple Issues Patches for Pegasus Spyware

It's a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.

Revelations this week from Microsoft and Apple speak to the COVID-like persistence of cyber threats and the ability of threat actors to adapt in the wild, steal credentials and sidestep patches.

Microsoft explained this week how it had discovered and attempted to harden ramparts in the face of state actors, while Apple focused on patches designed to address zero day exposure to Pegasus mobile-device spyware.

Microsoft explained how the consumer signing system crash in April of 2021, which resulted in a snapshot of the crashed process, or "Crash dump," gave the actors access to credentials.

Microsoft said that the attackers forged authentication tokens to access user email using the "Acquired" Microsoft account consumer signing key.

A day after Microsoft's explanation, Apple floated an emergency release of software patches to fix a pair of zero-day vulnerabilities that were reportedly used to attack a victim with the NSO Group's Pegasus spyware.

News URL

https://www.techrepublic.com/article/microsoft-apple-spyware/