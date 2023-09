US Cybersecurity and Infrastructure Security Agency (CISA) tau tshaj tawm tsab ntawv ceeb toom rau tsoomfwv cov koomhaum txhawm rau kho qhov tsis zoo ntawm kev nyab xeeb uas tau siv los ua ib feem ntawm xoom-nias iMessage siv cov saw hlau. Cov teeb meem no tau siv los kis iPhones nrog Pegasus spyware tsim los ntawm NSO Group. Qhov kev txiav txim no ua raws li kev tshaj tawm los ntawm Citizen Lab tias tag nrho-patched iPhones uas yog ib lub koom haum pej xeem hauv Washington DC tau raug cuam tshuam los ntawm kev siv cov saw hlau hu ua BLASTPASS, uas siv PassKit cov ntawv txuas nrog cov duab tsis zoo.

Citizen Lab kuj tau ceeb toom rau Apple cov neeg siv khoom siv tam sim ntawd hloov kho xwm txheej ceev uas tau tshaj tawm rau hnub Thursday. Lawv tau hais ntxiv rau cov tib neeg uas tuaj yeem raug cuam tshuam los ntawm kev tawm tsam vim yog lawv tus kheej lossis kev ua haujlwm kom qhib hom kev kaw cia.

Ob qhov tsis zoo, hu ua Image I/O thiab Wallet, tau taug qab raws li CVE-2023-41064 thiab CVE-2023-41061 raws li. Apple tau lees paub tsab ntawv ceeb toom ntawm kev siv zog ua haujlwm thiab txij li tau tso tawm kev kho rau cov kev tsis zoo no hauv qhov tseeb versions ntawm macOS Ventura, iOS, iPadOS, thiab watchOS. Cov kev hloov tshiab no hais txog kev tswj hwm kev nco thiab cov teeb meem logic uas tso cai rau cov neeg tawm tsam kom ua tiav cov cai ntawm cov khoom siv uas tsis tau patched.

CISA tau suav nrog ob qhov kev tiv thaiv kev nyab xeeb no hauv nws cov ntawv teev npe Paub Txog Kev Ua Phem Txhaum Cai, hais tias lawv tau raug tsom los ntawm cov neeg ua phem cyber thiab ua rau muaj kev pheej hmoo loj rau tsoomfwv cov tuam txhab. Raws li qhov tshwm sim, Tsoom Fwv Teb Chaws Asmeskas Tsoom Fwv Teb Chaws Saib Xyuas Kev Ua Haujlwm Saib Xyuas Kev Ua Haujlwm (FCEB) yuav tsum tau kho txhua qhov tsis zoo uas tau teev tseg hauv phau ntawv teev npe nyob rau lub sijhawm teev tseg, raws li daim ntawv qhia ua haujlwm (BOD 22-01) luam tawm thaum Lub Kaum Ib Hlis 2022. Nyob rau hauv lub teeb ntawm qhov hloov tshiab no , tsoom fwv cov koom haum yuav tsum muaj kev ruaj ntseg tsis zoo iOS, iPadOS, thiab macOS li ntawm lawv cov tes hauj lwm tiv thaiv CVE-2023-41064 thiab CVE-2023-41061 los ntawm Lub Kaum Hli 2nd, 2023.

Txawm hais tias cov lus qhia feem ntau siv rau tsoomfwv Meskas cov koomhaum, CISA xav qhia rau cov tuam txhab ntiag tug kom ua qhov tseem ceeb rau kev kho qhov tsis zoo no kom sai li sai tau. Apple tau nquag hais txog qhov tsis muaj teeb meem xoom-hnub hauv nws cov haujlwm ua haujlwm xyoo no, nrog rau tag nrho 13 kev siv dag zog tau kho txij li Lub Ib Hlis 2023.

Cov Ntsiab Lus:

- Zero-click exploit: Ib hom kev tawm tsam cyber uas tsis muaj cov neeg siv kev sib cuam tshuam yuav tsum tau ua rau qhov tsis muaj peev xwm raug siv.

- iMessage: Lub platform xa ntawv tsim los ntawm Apple rau nws cov khoom siv.

- Spyware: Cov software phem tsim los zais cov ntaub ntawv los ntawm lub hom phiaj ntaus ntawv lossis khoos phis tawj.

Qhov chaw:

– CISA

– Citizen Lab