No electronic device is immune to malware: they will always find a way to infiltrate by exploiting a security flaw. What manufacturers can do is regularly deliver updates to their applications and operating systems to plug the holes... and hope that a vulnerability has not been actively exploited before the patch.
Booty Messages
Apple, like all other manufacturers, is playing this game of cat and mouse. On February 10, the company released iOS 18.3.1, which originally contained only one fix—albeit an important one, since it addressed a zero-day vulnerability, meaning one that hackers had exploited before the patch was released.
The sheet has been updated with a second fix: another zero-day vulnerability affecting the Messages app. An image or video shared in the app via an iCloud link could allow an attacker to break into an iPhone. Apple states in the document that the vulnerability was exploited "in an extremely sophisticated manner" to target individuals.
It is unclear why Apple did not disclose the existence of this fix when iOS 18.3.1 was released. Security experts at Citizen Lab explain that the flaw was used against Ciro Pellegrino, an Italian journalist, as well as another European journalist. Both were notified by Apple at the very end of April that their iPhones had been targeted by an attack, along with around a hundred other users.
The two journalists were victims of the Paragon spyware, discovered earlier this year when WhatsApp alerted its users to the existence of this malware.
Source: CitizenLab
0 Comments