Apple has issued a critical warning to its users in India and 91 other countries regarding a potential attack by “mercenary spyware” on their devices. This sophisticated spyware aims to illegally access iPhones through advanced methods, similar to the infamous Pegasus from the NSO Group.
Here are the key points:
- Sophisticated Threat: Unlike common cyber threats, this attack is more complex and targeted.
- Pegasus Comparison: The spyware operates similarly to the notorious Pegasus, emphasizing its rarity and danger.
- Specific Targets: Attackers focus on iPhones linked to specific Apple IDs, possibly based on identity or profession.
- Apple’s Response: The company has updated its support page with advice for affected users.
- Previous Warnings: Apple previously alerted users about state-sponsored attacks in October 2023.
- CERT-In’s Warning: India’s national cybersecurity watchdog, CERT-In, also highlighted vulnerabilities in Apple products.
How to Secure Your Device:
- Secure Wi-Fi: Use secure and private Wi-Fi networks to prevent unauthorized access.
- Two-Factor Authentication (2FA): Activate 2FA for added credential protection.
- Safe Downloads: Install apps only from trusted sources (like the Apple App Store).
- Client-Side Rendering: Messaging apps render animated images on the client side (i.e., within the app itself). This means that the app decodes and displays the animation directly on the user’s device. The rendering process involves executing code embedded within the image, which can be exploited by malicious actors.
- Exploiting CGI (Common Gateway Interface): CGI scripts are used to generate dynamic content on web servers. Animated images can contain malicious CGI scripts that execute when the image is opened. Attackers can exploit this by embedding harmful code (e.g., JavaScript) within the animation frames.
- Regular Backups: Consistently back up your data to safeguard against loss.
In addition to the above, the smartphone sector can also work with cybersecurity experts to develop a comprehensive security plan tailored to its specific needs. Prime Infoserv LLP, a CERT-In empanelled security auditor, is always ready to handle your security requirements with Governance, Risk and Compliance (GRC) services and Managed Security Services (MSS).
Write to us at info@primeinfoserv.com or contact us at +913340085677 with queries about implementing a proactive approach and safeguarding your critical data. Make sure to follow our Facebook page as well as our Instagram page for more information about us.