Apple patches iOS zero-day vulnerability exploited by Pegasus spyware

Apple on Thursday pushed out updates for older versions of its iOS and macOS operating systems, patching three zero-day vulnerabilities including a bug that was likely exploited in the wild by NSO Group's Pegasus spyware.

Earlier today, Apple issued iOS 12.5.5 with a fix for CoreGraphics flaw that allows attackers to execute arbitrary code on a target device through a maliciously crafted PDF. The vulnerability may have been exploited in the wild, according to a support document detailing the update's security content.Impacting a range of iPhone and iPad models, including iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch, the CoreGraphics zero-day was discovered by Citizen Lab, an interdisciplinary laboratory at the University of Toronto's Munk School of Global Affairs. The group's involvement strongly suggests NSO deployed the exploit to deploy its Pegasus tool on target devices.

Read more...