Security News

A previously undisclosed "Zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.

A never-before-seen, zero-click iMessaging exploit has been allegedly used to illegally spy on Bahraini activists with NSO Group's Pegasus spyware, according to cybersecurity watchdog Citizen Lab.The digital researchers are calling the new iMessaging exploit FORCEDENTRY. In a report published on Tuesday, researchers said that they've identified nine Bahraini activists whose iPhones were inflicted with Pegasus spyware between June 2020 and February 2021.

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. The spyware was deployed on their devices after being compromised using two zero-click iMessage exploits: the 2020 KISMET exploit and a new never-before-seen exploit dubbed FORCEDENTRY. New iPhone zero-click exploit in use since February 2021.

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. Last month, Amnesty International and non-profit project Forbidden Stories revealed that the Pegasus spyware was installed on fully updated iPhones through a zero-day zero-click iMessage vulnerability.

In this post, I'll collect links on Apple's iPhone backdoor for scanning CSAM images. Apple says that hash collisions in its CSAM detection system were expected, and not a concern.

Too many of these - there's a threshold - and Apple's systems will let Apple staff investigate. In a blog post "Recognizing People in Photos Through Private On-Device Machine Learning" last month, Apple plumped itself up and strutted its funky stuff on how good its new person recognition process is.

Apple is about to announce a new technology for scanning individual users' iPhones for banned content. The neural network-based tool will scan individual users' iDevices for child sexual abuse material, respected cryptography professor Matthew Green told The Register today.

Now it's Apple's turn to be in the patch-right-now spotlight, with a somewhat under-announced emergency zero-day fix, just a few days after the company's last, and much broader, security update. These include elevation of privilege, where an otherwise uninteresting app suddenly gets the same sort of power as the operating system itself, or even remote code execution, where an otherwise innocent operation, such as viewing a web page or opening up an image, could trick the kernel into running completely untrusted code that didn't come from Apple itself.

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. CVE-2021-30661 - Processing maliciously crafted web content may lead to arbitrary code execution.

Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. Three iOS zero-days in February, exploited in the wild and reported by anonymous researchers.