Fixes included are for flaws that could lead to malicious applications gaining root access, arbitrary code being executed with kernel privileges, and more. Dubbed "Synoptic Acanthopterygian" by Vulnonym, it's a use-after-free vulnerability that allows malicious web content processed by Apple's WebKit rendering engine – which Apple requires all browsers on iOS to use – to execute arbitrary code.Along with macOS 11.5 being released, security updates have arrived for both macOS Catalina and Mojave. The other bug patched by Apple, CVE-2021-30858, was reported by an unidentified researcher. "Regulation of this growing, highly profitable, and harmful marketplace is desperately needed." "Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating 'despotism-as-a-service' for unaccountable government security agencies," Citizen Lab researchers said in a post on Monday. Amnesty International and French media protection org claim massive misuse of NSO spyware.NSO Group 'will no longer be responding to inquiries' about misuse of its software. Israeli authorities investigate NSO Group over Pegasus spyware abuse claims.
0 Comments
Leave a Reply. |