Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company.
The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability.
The fix, earlier reported by The New York Times,
stems from research done by The Citizen Lab, a public interest
cybersecurity group that found a Saudi activist's phone had been
infected with Pegasus, NSO Group's best-known product. According to
Citizen Lab, the zero-day zero-click exploit against iMessage, which it
nicknamed ForcedEntry, targets Apple's image rendering library and was
effective against the company's iPhones, laptops and Apple Watches. more