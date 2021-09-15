



Fixes have been released for two critical vulnerabilities in Apple’s products, which were used, among other things, to install the Pegasus spyware platform.

Without hooves and wings

Apple has released updates for two critical vulnerabilities that have been actively exploited by cyber attackers. One of them was used to install the Pegasus spyware program, developed by the notorious Israeli company NSO Group, on Apple iPhones.

The vulnerabilities are tracked as CVE-2021-30858 and CVE-2021-30860; both allow specially crafted documents or web pages to be used to execute arbitrary code on vulnerable devices.

CVE-2021-30858 is a use-after-free vulnerability (reuse of an already freed memory area) in the WebKit component. Visiting a specially crafted malicious web page can lead to arbitrary code execution on the devices of iPhone and macOS users. Information about the “bug” was disclosed anonymously.

In turn, CVE-2021-30860 was found in the CoreGraphics component. This is a “classic” integer overflow bug that allows arbitrary code to be executed on iOS and macOS devices using specially crafted PDF files. The problem was identified by experts from Citizen Lab. Citizen Lab’s publication indicates that an iMessage exploit called FORCEDENTRY was used against the vulnerability. The exploit is dangerous if only because it does not require any interaction with the user: for the user, the infection occurs completely unnoticed.

Battering ram against armored doors

The FORCEDENTRY exploit was first spotted in early 2021: it was used to infect the smartphones of activists in Bahrain with Pegasus. As noted in the Citizen Lab publication, the exploit was developed in response to Apple’s introduction of a new security mechanism in iOS 14 called BlastDoor. This mechanism seems to have made it impossible for the Pegasus creators to use another, earlier exploit, referred to in the Citizen Lab publication as KISMET; it also exploited a vulnerability in iMessage that did not require any user interaction.

Apple has released fixes for two critical vulnerabilities through which Pegasus spyware was installed on iPhone, iPad and Watch

“As far as we know, the information about the KISMET vulnerability has never appeared in the public field, but we suspect that this vulnerability – if it still exists – can no longer be exploited due to the implementation of the BlastDoor mechanism in Apple iOS 14. We believe that NSO Group has developed FORCEDENTRY, an exploit to bypass BlastDoor, precisely in response to the emergence of this security system,” reads the Citizen Lab publication. According to experts, FORCEDENTRY appeared no later than February 2021.

At the UN level

The NSO Group has been plagued by scandals in recent years because its Pegasus product is found now and then in the most inappropriate places. NSO claims that it sells Pegasus only to governments and only to fight the terrorist threat, but it has been proven many times that NSO clients, among them the most authoritarian and oppressive regimes, use Pegasus for total surveillance of people who have nothing to do with terrorism.

In early 2021, Amnesty International and several newspapers gained access to a list of 50,000 telephone numbers that were monitored by Pegasus. Among the targets of surveillance were employees of The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times. Pegasus has also been used to spy on more than 600 politicians and officials, 65 business executives and 85 human rights defenders. Moreover, the list even included the heads of several states.

NSO denies all charges. However, even last spring it became known, for example, that a former NSO Group employee used Pegasus to spy on his own mistress – and was caught red-handed.

In August of this year, UN Human Rights Council experts demanded a global moratorium on the distribution of spyware systems like the NSO Group’s Pegasus, as they are used too widely and without any restrictions to violate the basic rights of citizens.

“It is extremely dangerous and irresponsible to allow tracking technologies and the commercial sector to operate in an area where human rights do not function,” the experts said in a statement.

The Citizen Lab publication aptly describes the NSO Group as a “tyrant-as-a-service provider.” According to experts, the “fast growing and highly profitable” spyware market for intelligence agencies is in desperate need of regulation. Obviously, we are talking about international regulation – today, there is no special legislation that would determine the maximum permissible scale of the use of such programs.

“The prospect of the emergence of such legislation should not be overestimated,” believes Anastasia Melnikova, an information security expert at SEC Consult Services. “The reason is not that it is not relevant. But at the moment, international organizations, even the UN, do not have mechanisms to force states to begin to regulate the use of offensive weapons in cyberspace, as well as cyber espionage. Therefore, for now, all kinds of mercenaries are running the show here, serving everyone who pays the most. NSO Group may now have big troubles, including with the Israeli authorities, but even if this company is allowed to go around the world, others will immediately come in its place.”

The expert added that the key factor that makes the existence of spyware possible is the abundance of vulnerabilities in the main mobile platforms and the fact that vendors do not always fix them promptly.

Since the beginning of 2021, according to Bleeping Computer, Apple has been forced to fix more than a dozen zero-day vulnerabilities, that is, ones already being actively exploited, in the iOS and macOS operating systems.