CERT-In issues advisory for Apple users to install remote exploit patch

The advisory comes amid controversial revelations on the Pegasus spyware which can reportedly infect phones and collect data using zero-click exploits. 

The Indian Computer Emergency Response Team on Wednesday issued an advisory asking Apple users to update their iOS, iPadOS, and macOS to patch a vulnerability that could be exploited with a “maliciously crafted application” to hijack users’ devices and gain elevated permissions on them. “A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system,” the advisory said.

Why it matters? It is unclear if this update, version 14.7.1 for iOS users, fixes an exploit used by the NSO Group’s Pegasus spyware, which has been reported to be used by multiple countries, including India, to hijack users’ phones and spy on their phones’ contents and commandeer their mic and camera. However, such exploits, as the Pegasus Project shows, have incredibly worrying consequences for iOS users, especially those who don’t update their phones very often. Additionally, if this is indeed the vulnerability that CERT-In has published its advisory on, it is a curious contrast with the Indian NSO client who could have been using this exploit.

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30807: an anonymous researcher — Apple

An Apple spokesperson did not respond to a query for comment. “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” the company says on its website.

Pegasus revelations so far

NPR reported on Friday that NSO Group, the Israeli company that developed the Pegasus spyware, has suspended several government clients to investigate misuse of its spyware. However, it is not clear whether the Indian client is among those whose licenses are suspended. Some of the potential targets of surveillance include the following:

  • Reliance ADAG’s Anil Ambani and officials from Dassault Aviation India, Saab India, and Boeing India were listed as persons of interest.
  • Two retired top Border Security Force officials, a retired official from the Research and Analysis Wing (RAW), and two Indian Army officers were listed as possible targets.
  • Former Chief Ministers of Karnataka from the Janata Dal (Secular) and Congress parties may have been targeted at a time when their coalition government in the state was involved in an intense power struggle with the BJP.
  • Tamil nationalist leaders and several Periyarist activists such as Naam Thamizhar Katchi’s Seeman, Thirumurugan Gandhi, Thanthai Periyar Dravidar Kazhagam’s K Ramakrishnan, and Dravidar Kazhagam treasurer Kumaresan were listed as potential targets.
  • Former CBI chief Alok Verma, personal mobile numbers of his relatives along with numbers of two other senior CBI officials, Rakesh Asthana and AK Sharma, may have been targeted.
  • More than 25 people from the Kashmir Valley, including journalists, separatist leaders, human rights activists, politicians, and business persons, were selected as potential targets of intrusive surveillance between 2017 and mid-2019.
  • Opposition leaders like INC’s Rahul Gandhi, TMC’s Abhishek Bannerjee, former PM Deve Gowda, and political analyst Prashant Kishor were also listed as targets along with a former Election Commission member Ashok Lavasa, several activists, 40 journalists, and others.


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
