For a detailed advisory, download the pdf file here.
Two actively exploited vulnerabilities (CVE-2021-30858 and CVE-2021-30860) have been fixed in Apple's iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 releases. The NSO group carried out the attack by simply sending a malicious text message which were actually Adobe PSD files that crashed the iMessage component responsible for automatically rendering images and then deployed the Pegasus surveillance tool. Users of Apple's iPhone, iPad, Mac, and Apple Watch should update their software right away to avoid any potential hazards resulting from active exploitation of the holes.
CVE ID | Affected CPEs | Vulnerability Name |
---|---|---|
CVE-2021-30858 | cpe:2.3:o:apple:macos:::::::: | |
cpe:2.3:o:apple:iphone_os:::::::: | ||
cpe:2.3:o:apple:ipados:::::::: | Arbitrary code execution | |
CVE-2021-30860 | cpe:2.3:o:apple:ipados:::::::: | |
cpe:2.3:o:apple:iphone_os:::::::*: | ||
cpe:2.3:o:apple:mac_os_x:::::::: | ||
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:::::: | ||
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:::::: | ||
cpe:2.3:o:apple:watchos:::::::: | ||
cpe:2.3:o:apple:macos:::::::: | Integer overflow leading to arbitrary code execution. |
Name|Known as|Origin|Target Locations|Target|
β|β|β|β|β|β
NSO group| Pegasus spyware| Israel| Worldwide| Surveillance, Financial gain|
<https://support.apple.com/en-us/HT212804>
<https://support.apple.com/en-us/HT212805>
<https://support.apple.com/en-us/HT212806>
<https://support.apple.com/en-us/HT212807>
<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>