Date: 2023-09

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal agencies, directing them to update their iOS, iPadOS, and macOS devices within one month. This is in response to the discovery of two zero-day vulnerabilities in Apple products that can be exploited in spyware attacks.

The first vulnerability, tracked as CVE-2023-41064, is a buffer overflow in ImageIO. It is triggered when processing a specially crafted image and can lead to arbitrary code execution. The second vulnerability, CVE-2023-41061, is a validation issue in Apple Wallet. A maliciously crafted attachment can lead to arbitrary code execution.

Citizen Lab, a nonprofit organization, recently discovered these flaws as part of an exploit chain called "BlastPass." The chain was used to deliver Pegasus spyware to an employee of a Washington-based civil society organization. Citizen Lab reported that the exploit used PassKit attachments containing malicious images sent via iMessage.

Although it is not known who authorized these attacks, there is concern that they could also be used to target US government officials if carried out by a hostile nation. Similar spyware attacks have been reported before, with nine State Department employees having their iPhones remotely hacked in 2021.

Apple has decided to take legal action against the Israeli company NSO Group, which is believed to be responsible for developing and selling the Pegasus spyware. NSO Group claims that its products are designed for law enforcement and intelligence gathering.

To reduce the risk of spyware attacks, federal agencies have until October 2 to remediate the identified vulnerabilities by applying the vendor updates. Failure to do so may result in discontinuing use of these Apple products.

Sources:

- "US Cybersecurity and Infrastructure Security Agency (CISA) Orders Immediate Patch of Known Apple Vulnerabilities" - CISA

- "BlastPass: Zero-Click Mobile Exploitation of Apple's iMessage" - Citizen Lab