The Indian Computer Emergency Response Team has issued a high-risk advisory to both Android and iOS users. The advisories are based on Android and iOS security bulletins. They come in the backdrop of Apple’s urgent update to fix new zero-day vulnerabilities. One vulnerability was being exploited by the Pegasus Spyware.
What’s the problem with iOS?
Apple became aware of a report that two vulnerabilities were being actively exploited. One vulnerability allowed hackers to execute arbitrary code using maliciously crafted web content. On the other hand, the second vulnerability leads to arbitrary code execution while processing a maliciously crafted PDF document.
Canada-based The Citizen Lab reported one of the vulnerabilities, which NSO Group’s Pegasus spyware was exploiting. In a blog, the firm said:
“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.”
Which devices does the vulnerability affect?
The advisory lists the following devices whose software has the vulnerability, and their users need to download and install updates ASAP.
What’s the problem with Android OS?
Similar vulnerabilities exist in Google’s Android Operating System. These vulnerabilities could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Further, they could bypass user interaction requirements to gain additional permissions.
Hackers could execute arbitrary code, gain elevated privileges, and obtain sensitive information from a user’s device. They could also cause a denial of service.