|
FORCEDENTRY
FORCEDENTRY, also capitalized as ForcedEntry, is a security exploit allegedly developed by NSO Group to deploy their Pegasus spyware. It enables the "Zero-click attack, zero-click" exploit that is prevalent in iOS 13 and below, but also compromises recent safeguards set by Apple Inc., Apple's "BlastDoor" in iOS 14 and later. In September 2021, Apple released new versions of its operating systems for multiple device families containing a fix for the vulnerability. Exploit The exploit was discovered by Citizen Lab, who reported that the vulnerability has been used to target political dissidents and human rights activists. FORCEDENTRY appears to be the same as the attack previously detected and named "Megalodon" by Amnesty International. The exploit uses PDF files disguised as GIF files to inject JBIG2-encoded data to provoke an integer overflow in Apple's CoreGraphics system, circumventing Apple's "BlastDoor" Sandbox (computer security), sandbox for message content, introduced in i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pegasus (spyware)
Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is able to exploit iOS versions up to 14.7, through a zero-click exploit. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent "flying through the air" to infect cell phones. Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, as well as the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the "most sophisticated" sm ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WatchOS
watchOS is the operating system of the Apple Watch, developed by Apple Inc. It is based on iOS, the operating system used by the iPhone, and has many similar features. It was released on April 24, 2015, along with the Apple Watch, the only device that runs watchOS. watchOS exposes an API called ''WatchKit'' for developer use. The second version, watchOS 2, included support for native third-party apps and other improvements, and was released on September 21, 2015. The third version, watchOS 3, was released on September 13, 2016, to emphasize better performance and include new watch faces and stock apps. The fourth version, watchOS 4, was released on September 19, 2017. The fifth version, watchOS 5, was released on September 17, 2018, to add more third-party support and new workouts, along with the "Walkie-Talkie" feature. The sixth version, watchOS 6, was released on September 19, 2019. The seventh version, watchOS 7, was released on September 16, 2020, to support handwashing an ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pegasus Spyware
Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is able to exploit iOS versions up to 14.7, through a zero-click exploit. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent "flying through the air" to infect cell phones. Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, as well as the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the "most sophisticated" ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Project Zero
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014. History After finding a number of flaws in software used by many end-users while researching other problems, such as the critical "Heartbleed" vulnerability, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by its users. The new project was announced on 15 July 2014 on Google's security blog. When it launched, one of the principal innovations that Project Zero provided was a strict 90-day disclosure deadline along with a publicly visible bugtracker where the vulnerability disclosure process is documented. While the idea for Project Zero can be traced back to 2010, its establishment fits into the larger trend of Google's counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden. The team was formerly heade ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Google Project Zero
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014. History After finding a number of flaws in software used by many end-users while researching other problems, such as the critical " Heartbleed" vulnerability, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by its users. The new project was announced on 15 July 2014 on Google's security blog. When it launched, one of the principal innovations that Project Zero provided was a strict 90-day disclosure deadline along with a publicly visible bugtracker where the vulnerability disclosure process is documented. While the idea for Project Zero can be traced back to 2010, its establishment fits into the larger trend of Google's counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden. The team was formerly heade ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
IOS 14
iOS 14 is the fourteenth major release of the iOS mobile operating system developed by Apple Inc. for their iPhone and iPod Touch lines. Announced at the company's Worldwide Developers Conference on June 22, 2020 as the successor to iOS 13, it was released to the public on September 16, 2020. It was succeeded by iOS 15 on September 20, 2021. History Updates The first developer beta of iOS 14 was released on June 22, 2020 and the first public beta was released on July 9, 2020.The final beta, iOS 14 beta 8, was released on September 9, 2020. iOS 14 was officially released on September 16, 2020. There was no public beta testing of 14.1. System features App Clips App Clips are a new feature expanding on the functionality of the App Store. Intended as a dynamic feature rather than a permanently installed app, App Clips are extremely pared-back with very few OS permissions. At the time of the announcement, only the use of Apple Pay and Sign in with Apple were shown. App Clips ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
JBIG2
JBIG2 is an image compression standard for bi-level images, developed by the Joint Bi-level Image Experts Group. It is suitable for both lossless and lossy compression. According to a press release from the Group, in its lossless mode JBIG2 typically generates files 3–5 times smaller than Fax Group 4 and 2–4 times smaller than JBIG, the previous bi-level compression standard released by the Group. JBIG2 was published in 2000 as the international standard ITU T.88, and in 2001 as ISO/ IEC 14492. Functionality Ideally, a JBIG2 encoder will segment the input page into regions of text, regions of halftone images, and regions of other data. Regions that are neither text nor halftones are typically compressed using a context-dependent arithmetic coding algorithm called the MQ coder. Textual regions are compressed as follows: the foreground pixels in the regions are grouped into symbols. A dictionary of symbols is then created and encoded, typically also using context-dependent ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Exploit
An exploit (from the English verb ''to exploit'', meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack. In lay terms, some exploit is akin to a 'hack'. Classification There are several methods of classifying exploits. The most common is by how the exploit communicates to the vulnerable software. A ''remote exploit'' works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A ''local exploit'' requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past tho ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
NSO Group
NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company's founders) is an Israeli cyber-intelligence firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones. It employed almost 500 people as of 2017. NSO claims that it provides authorized governments with technology that helps them combat terror and crime. The company says that it deals with government clients only. ''Pegasus'' spyware is classified as a weapon by Israel and any export of the technology must be approved by the government. According to several reports, NSO Group spyware has been used to target human rights activists and journalists in various countries, was used for state espionage against Pakistan, for warrantless domestic surveillance of Israeli citizens by Israeli police, and played a role in the murder of Saudi dissident Jamal Khashoggi by agents of the Saudi government. In 2019, instant messaging company W ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Zero-click Attack
An exploit (from the English verb ''to exploit'', meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack. In lay terms, some exploit is akin to a 'hack'. Classification There are several methods of classifying exploits. The most common is by how the exploit communicates to the vulnerable software. A ''remote exploit'' works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A ''local exploit'' requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past tho ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Citizen Lab
The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. It was founded by Ronald Deibert in 2001. The laboratory studies information controls that impact the openness and security of the Internet and that pose threats to human rights. The organization uses a "mixed methods" approach which combines computer-generated interrogation, data mining, and analysis with intensive field research, qualitative social science, and legal and policy analysis methods. The Citizen Lab was a founding partner of the OpenNet Initiative (2002–2013) and the Information Warfare Monitor (2002–2012) projects. The organization also developed the original design of the Psiphon censorship circumvention software, which was spun out of the Lab into a private Canadian corporation ( Psiphon Inc.) in 2008. History In a 2009 report "Tracking GhostNet", researchers uncovered a suspected cyber espionage network of over 1,295 inf ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
MacOS Big Sur
macOS Big Sur (version 11) is the seventeenth major release of macOS, Apple Inc.'s operating system for Macintosh computers. It was announced at Apple's Worldwide Developers Conference (WWDC) on June 22, 2020, and was released to the public on November 12, 2020. Big Sur is the successor to macOS Catalina, and was succeeded by macOS Monterey, which was released on October 25, 2021. Most notably, macOS Big Sur features a user interface redesign that features new blurs to establish a visual hierarchy and also includes a revamp of the Time Machine backup mechanism, among other changes. It is also the first macOS version to support Macs with ARM-based processors. To mark the transition, the operating system's major version number was incremented, for the first time since 2000, from 10 to 11. The operating system is named after the coastal region of Big Sur in the Central Coast of California, continuing the naming trend of California locations that began with OS X Mavericks. D ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |