wordpress blog stats
Connect with us

Hi, what are you looking for?

, , ,

CERT-In issues advisory for Apple users to install remote exploit patch

The advisory comes amid controversial revelations on the Pegasus spyware which can reportedly infect phones and collect data using zero-click exploits. 

The Indian Computer Emergency Response Team on Wednesday issued an advisory asking Apple users to update their iOS, iPadOS, and macOS to patch a vulnerability that could be exploited with a “maliciously crafted application” to hijack users’ devices and gain elevated permissions on them. “A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to execute arbitrary code and gain elevated privileges on a targeted system,” the advisory said.

Why it matters? It is unclear if this update, version 14.7.1 for iOS users, fixes an exploit used by the NSO Group’s Pegasus spyware, which has been reported to be used by multiple countries, including India, to hijack users’ phones and spy on their phones’ contents and commandeer their mic and camera. However, such exploits, as the Pegasus Project shows, have incredibly worrying consequences for iOS users, especially those who don’t update their phones very often. Additionally, if this is indeed the vulnerability that CERT-In has published its advisory on, it is a curious contrast with the Indian NSO client who could have been using this exploit.

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

Advertisement. Scroll to continue reading.

CVE-2021-30807: an anonymous researcher — Apple

An Apple spokesperson did not respond to a query for comment. “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” the company says on its website.

Pegasus revelations so far

NPR reported on Friday that NSO Group, the Israeli company that developed the Pegasus spyware, has suspended several government clients to investigate misuse of its spyware. Although, it is not clear if the Indian client is among those whose licenses are suspended. Some of the potential targets of surveillance include the following

  • Reliance ADAG’s Anil Ambani and officials from Dassault Aviation India, Saab India, and Boeing India were listed as persons of interest.
  • Two retired top Border Security Force officials, a retired official from the Research and Analysis Wing (RAW), and two Indian Army officers were listed as possible targets.
  • Former Chief Ministers of Karnataka from the Janata Dal (Secular) and Congress parties may have been targeted at a time when their coalition government in the state was involved in an intense power struggle with the BJP.
  • Tamil nationalist leaders and several Periyarist activists such as Naam Thamizhar Katchi’s Seeman, Thirumurugan Gandhi, Thanthai Periyar Dravidar Kazhagam’s K Ramakrishnan, and Dravidar Kazhagam treasurer Kumaresan were listed as potential targets.
  • Former CBI chief Alok Verma, personal mobile numbers of his relatives along with numbers of two other senior CBI officials, Rakesh Asthana and AK Sharma, may have been targeted.
  • More than 25 people from the Kashmir Valley, including journalists, separatist leaders, human rights activists, politicians, and business persons, were selected as potential targets of intrusive surveillance between 2017 and mid-2019.
  • Opposition leaders like INC’s Rahul Gandhi, TMC’s Abhishek Bannerjee, former PM Deve Gowda, and political analyst Prashant Kishor were also listed as targets along with a former Election Commission member Ashok Lavasa, several activists, 40 journalists, and others.

Also read

What is your takeaway from this issue? Leave a comment below

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ