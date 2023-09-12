Buhay siyudad

Paglalahad ng Bagong Teknolohiya at ang Kapangyarihan ng AI

Teknolohiya

Hinihimok ng US Cybersecurity and Infrastructure Security Agency ang mga Pederal na Ahensya na I-tatch ang Mga Kilalang Kapintasan ng Apple

ByGabriel Botha

Septiyembre 12, 2023
Hinihimok ng US Cybersecurity and Infrastructure Security Agency ang mga Pederal na Ahensya na I-tatch ang Mga Kilalang Kapintasan ng Apple

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal agencies, urging them to update their iOS, iPadOS, and macOS devices within a month. This is in response to the discovery of two zero-day vulnerabilities in Apple products that could potentially be exploited by spyware attacks.

The first vulnerability, known as CVE-2023-41064, is a buffer overflow vulnerability in ImageIO. It occurs when processing a specially crafted image and could lead to code execution. The second vulnerability, CVE-2023-41061, is a validation issue in Apple Wallet. A maliciously crafted attachment could result in code execution.

Citizen Lab, a non-profit organization, recently discovered these vulnerabilities as part of an exploit chain called “BlastPass.” This chain was used to deliver the Pegasus spyware to an employee of a Washington-based civil society organization. Citizen Lab revealed that the exploit utilized PassKit attachments containing malicious images sent via iMessage.

While it is unclear who authorized these attacks, there is concern that they could also be used to target US government officials if carried out by a hostile nation. In the past, similar spyware attacks have been reported, with nine US State Department officials having their iPhones remotely hacked in 2021.

Apple has decided to take legal action against the Israeli firm NSO Group, who is believed to be responsible for developing and selling the Pegasus spyware. NSO Group claims that its products are intended for legitimate law enforcement and intelligence gathering purposes.

To mitigate the risk of spyware attacks, federal agencies have until October 2 to patch the discovered vulnerabilities through official vendor updates. Failure to do so may result in the discontinuation of using these Apple products.

Pinagmumulan:
– “The US Cybersecurity and Infrastructure Security Agency (CISA) Urges Immediate Patch of Known Apple Vulnerabilities” – CISA
– “BlastPass: Zero-Click Mobile Exploitation of Apple’s iMessage” – Citizen Lab

By Gabriel Botha

Kaugnay na Post

Teknolohiya

Ang Japan ay Bubuo ng Methane-Fueled Rocket Engine para sa 2030 na Paglulunsad

Septiyembre 16, 2023 Robert Andrew
Teknolohiya

Ang sale ng Discover Samsung: Kunin ang Samsung SmartThings Station sa halagang $1 lang!

Septiyembre 16, 2023 Mampho Brescia
Teknolohiya

The Art of Decluttering: Iwanan ang Sobra

Septiyembre 16, 2023 Gabriel Botha

Naiwan ka

agham

Ang Pagtuklas ng mga Stem Cell sa Spine ay Nagbabadya sa Paglaganap ng Tumor

Septiyembre 17, 2023 Gabriel Botha 0 Comments
agham

Nakuha ng Juno Mission ng NASA ang Nakamamanghang Larawan ng Jupiter at ng Bulkan nitong Buwan na Io

Septiyembre 17, 2023 Vicky Stavropoulou 0 Comments
agham

Ang United Arab Emirates Space Agency ay Nagtatakda ng mga Tanawin sa Asteroid Belt

Septiyembre 17, 2023 Mampho Brescia 0 Comments
agham

Ang Pinagmulan ng Vertebral Bones at ang kanilang Papel sa Tumor Metastasis

Septiyembre 17, 2023 Robert Andrew 0 Comments