The IT Security Office is recommending that users immediately update their Apple devices to address a critical vulnerability.
Security researchers at The Citizen Lab [2] disclosed the vulnerability (dubbed FORCEDENTRY) and the exploit code to Apple on Tuesday, September 7, 2021. The Citizen Lab determined a software developer supplying national governments used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. “This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, to The New York Times.
Apple lists the vulnerability as CVE-2021-30860, and described it as a maliciously crafted PDF that could lead to arbitrary code execution.
Devices specifically affected are those with iOS and iPadOS versions prior to 14.8, all devices running macOS versions prior to OSX Big Sur 11.6, and all Apple Watch devices running watchOS 7.6.2 or earlier.
Visit security.duke.edu to learn more about the vulnerability and for update instructions. If you have questions about this update, please contact the OIT Service Desk at (919) 684-2200.
Posted Sep 14, 2021 - 11:24 EDT
This incident affected: Security (Security Alert).