macOS and iOS: Zero-click Security Bug Finally Fixed
Apple cannot get core security right—this is only one of an endless parade of examples.
UPDATE Sept 29: at least three zero-day bugs (very serious) remain UNFIXED. There are probably many more.
Yet Apple now wants to insert a full-scale spying infrastructure into iOS and macOS? What a recipe for disaster, as all security experts agree on. Not just because it would embed spywar infrastructure to be abused at will, but that infrastructure itself could also be compromised.
Apple Issues Urgent Software Update to Patch Spyware Vulnerability
Apple users are being encouraged to update their devices after researchers discovered a security flaw that could allow hackers to secretly install spywarewithout targets knowing.
The company on Monday released an emergency patch to the vulnerability flaw that allowed advanced spyware to be installed into users’ Apple devices, including iPhones, iPads, Macs, and Apple Watches.
It comes after security researchers at Citizen Lab at the University of Toronto last month uncovered the security flaw that they believe has been used by government clients of Israeli spyware company NSO Group to secretly hack into devices since February.
...According to Citizen Lab, researchers found that in some cases, NSO Group’s Pegasus malware-infected targeted Apple devices without the users taking any action—what’s known as a zero-click vulnerability. The malware enables hackers to gather a target’s personal information and listen into and read calls and messages...
...The speed with which Apple was seeking to find a solution its operating system’s vulnerability highlighted the “absolute seriousness” of the Citizen Lab’s findings, researchers said.
...NSO Group was the focus of recent reports by a media consortium that found the company’s spyware tool Pegasus was used in several instances of successful or attempted phone hacks of business executives, human rights activists, and others around the world.
WIND: the real issue here that is not being debated: why are our spy agencies (NSA, CIA, FBI, etc) buying this stuff and use it, rather than protecting us? Do the benefits (top secret!) outweigh the risks to 200 million Americans, let alone the billions in the world?