- One of the two vulnerabilities is related to ImageIO, an Apple framework that allows apps to read and write most image file formats. “Processing a maliciously crafted image may lead to arbitrary code execution,” Apple said.
- The second is related to the Apple Wallet app. “A maliciously crafted attachment may result in arbitrary code execution,” Apple said. The vulnerability was discovered by Apple and yesterday’s announcement was a rare instance of the company publicly taking credit for finding a zero-day vulnerability, , a security researcher at Google’s Threat Analysis Group.
- In both cases, the company said, “Apple is aware of a report that this issue may have been actively exploited.”
Everybody go update your iPhones.
The new 0-click vuln exploited by NSO Group is sent via a malicious image in iMessage. https://t.co/ovRBDGa3wQ
— Eva (@evacide)
UPDATE APPLE DEVICES ASAP – PHONES, IPADS, COMPUTERS, WATCHES
@citizenlab found an Apple exploit used in the wild that can compromise to watch/see/hear/spy thru Apple devices.
Exploit doesn’t require you to click, attacker just sends it via iMessage. https://t.co/ggiDBtOCDg
— Rachel Tobac (@RachelTobac)
- It prohibits U.S. agencies from “operationally” using commercial spyware when they find that it poses a national security or counterintelligence risk to the United States. It also bars U.S. government use of spyware when there’s a major risk that foreign governments use such tools to violate human rights or target Americans. (“Operational use” under the order means accessing a computer remotely without permission for purposes such as tracking locations or stealing information.)
- First discovered in 2016, the malware has been able to penetrate thousands of victim computers around the world and has allowed the group “to conduct a variety of malicious cyber activities, including ransomware,” the Treasury Department said. Researchers have previously identified the group as being active in cyberattacks against Ukraine.
- The United States and the U.K. coordinated on a related move in February that sanctioned seven other people allegedly tied to Trickbot, Conti and ransomware group Ryuk.
- “Today’s announcement shows our ongoing commitment to bringing the most heinous cybercriminals to justice — those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses,” FBI Director Christopher A. Wray said of both the indictments and sanctions.
- ICC lead prosecutor Karim Khan wrote in what WIRED described as a “little-noticed article” published last month that his office will now investigate cybercrimes through the same lens of war crime allegations in the physical world.
- “Cyberwarfare does not play out in the abstract. Rather, it can have a profound impact on people’s lives,” Khan wrote. “Attempts to impact critical infrastructure such as medical facilities or control systems for power generation may result in immediate consequences for many, particularly the most vulnerable. Consequently, as part of its investigations, my Office will collect and review evidence of such conduct.”
- Representatives from the Human Rights Center at the University of California at Berkeley’s School of Law last spring urged ICC to consider war crime prosecutions related to Russian cyberattacks against Ukraine.
- Khan has separately said ICC is already investigating Russia for broader war crimes.
- The hackers have been using Twitter and Mastodon to lure victims into switching to various encrypted messaging platforms like Signal or WhatsApp, according to the report. “After establishing a relationship and moving to secure communication channels, the attackers send them malicious files designed to exploit the zero-day,” the Bleeping Computer report says.
- The vulnerability has been reported and is being patched by the software vendor, TAG said. North Korean hackers have targeted cybersecurity researchers for years, according to Google.
- Anne Neuberger, Eric Goldstein, Avril Haines and other cyber officials speak at the Billington Cybersecurity Summit in D.C. today.