On September 13, Apple surprised its users with a system update for iPhone, iWatch, iPad and macOS. This does not happen very often, and even less often with an official Apple publication stressing the importance of installing the update.
All this is due to a report by Citizen Lab, which confirmed that a malicious PDF document can be used to exploit the CVE-2021-30858 and CVE-2021-30860 vulnerabilities and execute commands on iOS and macOS. This is terrible for the user, but you have to know what it means and where this threat comes from.
It all started in February 2021, when the company Forcedentry analyzed an iPhone that had been taken from a Saudi activist and that was infected with Pegasus, spyware of Israeli origin from the company NSO Group. They discovered a totally unknown 0-day, 0-click vulnerability that could be effective on any Apple-branded device.
Initial research assumed that iMessage was the way to exploit this weakness, until on August 24 Citizen Lab published a report showing that these vulnerabilities could be, and were being, exploited using PDF documents that contain hidden commands, which run on the system and give attackers access to the information on these devices.
The most serious thing about this threat is that it is totally invisible and undetectable for the user. It has been used at least by NSO Group, as announced by different media in the week of August 14 to 27, when the investigation was made public. That investigation claims that activists from the Bahrain human rights center had been spied on between June 2020 and February 2021 using this attack in conjunction with the software known as Pegasus.
Without a doubt, we all handle data and contacts, and our devices have an Internet connection, so a vulnerability that nobody knew about (0-day) and that allows someone to take control of and spy on Apple-branded mobile devices and computers is undoubtedly an opportunity that attackers will not miss.
This set of circumstances makes any iPhone, iPad, iPod, iWatch and macOS user a potential victim of this threat from now on. Unfortunately for Apple, it is not the first case this year, nor the first to arise from the investigation of these cell phones belonging to Saudi activists, from which the following threats have been reported:
It's time to keep Apple devices fully up to date and to immediately install the updates that came out between September 13 and 15, listed in the bulletin https://support.apple.com/en-us/HT201222 and the bulletin https://support.apple.com/en-us/HT212807.
These updates correct the weaknesses detected by Citizen Lab and some other researchers, mitigating the possibility that criminals can take advantage of them to access the information on the devices or deploy espionage or hijacking malware.
This applies not only to the iPhone: if you have an iPad, iWatch or a Mac, you should also install the updates in the shortest possible time, because once the vulnerabilities are public, the chances of them being used by the different criminal groups in cyberspace increase.
Source: Apple CVE-2021-30860