Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild. Apple rolled out security patches to fix a couple of zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858), the IT giant also warns its customers that these issues are actively exploited in attacks […]

Apple Signal

Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild.

Apple rolled out security patches to fix a couple of zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858), the IT giant also warns its customers that these issues are actively exploited in attacks in the wild, come of which were reported by researchers from Citizen Lab.

In August, researchers from Citizen Lab spotted a zero-click iMessage exploit that was used to deploy NSO Group’s Pegasus spyware on Bahraini activists’ devices.

The iPhones of nine activists, including members of the Bahrain Center for Human RightsWaadAl Wefaq, were infected with Pegasus spyware as part of a surveillance operation likely orchestrated by a threat actor tracked as LULU and attributed with high confidence to the government of Bahrain.

“We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. Some of the activists were hacked using two zero-click iMessage exploits: the 2020 KISMET exploit and a 2021 exploit that we call FORCEDENTRY.” reads the analysis published by citizen Lab.

“Phone logs indicated that the “responsible process” for the spyware was amfid, the Apple mobile file integrity daemon. We saw the FORCEDENTRY exploit successfully deployed against iOS versions 14.4 and 14.6 as a zero-day.With the consent of targets, we shared these crash logs and some additional phone logs relating o KISMET and FORCEDENTRY with Apple, Inc., which confirmed they were investigating.”

Threat actors leveraged two zero-click iMessage exploits to infect the iPhones with spyware, respectively known as 2020 KISMET exploit and a new exploit dubbed FORCEDENTRY.

Citizen Lab researchers discovered that the FORCEDENTRY exploit is able to bypass the “BlastDoor” sandbox introduced eight months ago in iOS to block iMessage zero-click exploits.

The first issue, tracked as CVE-2021-30860, is an integer overflow that was reported by Citizen Lab, The flaw was addressed by improving input validation.

CoreGraphics: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by Apple. “An integer overflow was addressed with improved input validation.

The second flaw, tracked as CVE-2021-30858, is an use after free issue that was reported by an anonymous researcher.

WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” continues the advisory.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Apple)

[adrotate banner=”5″]

[adrotate banner=”13″]