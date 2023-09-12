US Cybersecurity and Infrastructure Security Agency (CISA) e fane ka temoso ho mekhatlo ea mmuso, e ba khothaletsa ho ntlafatsa lisebelisoa tsa bona tsa iOS, iPadOS, le macOS nakong ea khoeli. Sena ke karabelo ea ho sibolloa ha likotsi tse peli tsa matsatsi a zero lihlahisoa tsa Apple tse ka sebelisoang hampe ke litlhaselo tsa spyware.

Kotsi ea pele, e tsejoang ka hore ke CVE-2023-41064, ke ts'oaetso ea buffer ho ImageIO. E etsahala ha o sebetsana le setšoantšo se entsoeng ka mokhoa o khethehileng 'me se ka lebisa ho ts'ebetsong ea khoutu. Kotsi ea bobeli, CVE-2023-41061, ke taba ea netefatso ho Apple Wallet. Sehokelo se entsoeng ka lonya se ka fella ka ts'ebetso ea khoutu.

Citizen Lab, mokhatlo o sa etseng phaello, o sa tsoa sibolla bofokoli bona e le karolo ea ketane ea tlhekefetso e bitsoang "BlastPass." Ketane ena e ne e sebelisetsoa ho isa spyware ea Pegasus ho mosebeletsi oa mokhatlo oa sechaba o thehiloeng Washington. Citizen Lab e senotse hore tšebeliso e mpe e sebelisitse lihokelo tsa PassKit tse nang le litšoantšo tse mpe tse rometsoeng ka iMessage.

Leha ho sa hlake hore na ke mang ea lumelletseng litlhaselo tsena, ho na le ngongoreho ea hore li ka sebelisoa ho lebisa liofisiri tsa mmuso oa US haeba li etsoa ke naha e tletseng bora. Nakong e fetileng, ho ile ha tlalehoa litlhaselo tse tšoanang tsa spyware, ha liofisiri tse robong tsa Lefapha la Naha la US li na le li-iPhones tsa bona tse utsoitsoeng hole ka 2021.

Apple e nkile qeto ea ho nka mehato ea molao khahlanong le feme ea Isiraele ea NSO Group, eo ho lumeloang hore ke eona e ikarabellang bakeng sa ho nts'etsapele le ho rekisa spyware ea Pegasus. Sehlopha sa NSO se bolela hore lihlahisoa tsa eona li etselitsoe merero e molaong ea ts'ebetsong ea molao le ho bokella bohlale.

Ho fokotsa kotsi ea litlhaselo tsa spyware, mekhatlo ea mmuso e na le ho fihlela la 2 Mphalane ho lokisa bofokoli bo sibollotsoeng ka lintlafatso tsa semmuso tsa barekisi. Ho hloleha ho etsa joalo ho ka etsa hore ho khaotsoe ho sebelisa lihlahisoa tsena tsa Apple.

mehloling

- "The US Cybersecurity and Infrastructure Security Agency (CISA) e khothalletsa hang-hang Patch ea Likotsi tse Tsejoang tsa Apple" - CISA

- "BlastPass: Zero-Click Mobile Exploitation of Apple's iMessage" - Citizen Lab