He pointed out that since Lookout and The Citizen Lab first discovered Pegasus five years ago, it has continued to evolve and take on new capabilities. “Once the attacker has control of a mobile device or compromises the user’s credentials, they have free access to your entire infrastructure.” Pegasus Continues to Evolve “From an enterprise perspective, leaving mobile devices out of the greater security strategy can represent a major gap in the ability to protect the entire infrastructure from malicious actors,” he explained. Schless explained there are countless pieces of malware out there that can easily exploit known device and software vulnerabilities to gain access to an individual’s most sensitive data. “Pegasus is an extreme but easily understandable example,” he said. Hank Schless, senior manager of security solutions at Lookout, an endpoint-to-cloud security company, said this type of spyware exemplifies how important it is for both individuals and enterprise organizations to have visibility into the risks their mobile devices present. “We are constantly adding new protections for their devices and data,” the statement continued. He added that while that means those attacks are not a threat to the “overwhelming majority” of Apple users, the company continues to work to defend all their customers. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.” “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement. The spyware can also turn on the device’s cameras and microphones. The zero-click attack tool also took advantage of a previously unknown security vulnerability in Apple’s iMessage platform, allowing malicious actors to gain access to a user’s texts, emails and phone calls. The organization said it believes the exploit has been in use since at least February 2021. The exploit, which Citizen Lab calls FORCEDENTRY, targets Apple’s image rendering library and was effective against Apple iOS, MacOS and WatchOS devices. Securing them should be top priority.” FORCEDENTRY Exploit Targets Image Rendering Library “Popular chat apps are at risk of becoming the soft underbelly of device security. If there’s an update, select Download and Install.“This spyware can do everything an iPhone user can do on their device and more,” Citizen Lab researcher John Scott-Railton told The New York Times. Go to Settings System Software Updates and select Update Software. Tap Install if a software update is available, then follow the onscreen instructions. Make sure that your watch is connected to Wi-Fi. If your Apple Watch has watchOS 6 or later, you can install subsequent updates without your iPhone: At the end of the day, leave your Apple Watch and iPhone charging overnight so the update can complete. Tap Update Tonight in the notification, then go to your iPhone to confirm that you want to update overnight. When a new update is available, your Apple Watch notifies you. To Update Your Apple Watch Using Your iPhone You might want to update overnight or wait until you have time. It could take from several minutes to an hour for the update to complete. Keep your iPhone next to your Apple Watch, so that they’re in range. Make sure that your Apple Watch is at least 50 percent charged. Update your iPhone to the latest version of iOS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |