Earlier researchers discovered that the notorious Israeli spyware developer NSO Group used unknown vulnerabilities in Apple iMessage to conduct attacks.
Theoretically speaking, government agencies that purchase Pegasus spyware only need to know the target user’s mobile phone number or Apple account to use the flaws to implement comprehensive surveillance.
Including but not limited to remotely turning on the camera and microphone for recording and recording, stealing photos or address books, and monitoring the user’s SMS records or location information, etc.
Since the vulnerability used by the NSO Group may have been acquired from the black market, the vulnerability was not discovered by Apple and was therefore persistently exploited by the NSO Group.
These new vulnerabilities are CVE-2021-30860 and CVE-2021-30858, these vulnerabilities defeats Apple’s BlastDoor defense system, which is used to filter malicious messages.
Apple was notified by researchers of this new vulnerability on September 7 and released an update today. iPhone and iPad devices all need to be upgraded.
IPhone and iPad users need to upgrade the iOS version to iOS 14.8/iPadOS 14.8. For security reasons, this version does not support a downgrade after the upgrade.
If you use other Apple devices, please click Check Update to upgrade to the latest version in time. As for the details of the vulnerability, Apple will release it after most users upgrade.