{"vulnerability": "CVE-2021-30860", "sightings": [{"uuid": "2b8a3f0c-716b-474f-ba58-4b06e8b0fab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "64e94fbc-d77e-4eb0-baa8-4dfddbd37985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "36cfd894-e57b-4af5-bbcd-24b67974cd0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971147", "content": "", "creation_timestamp": "2024-12-24T20:24:57.015681Z"}, {"uuid": "21d00a70-788d-474c-8a3e-52d81de6ca27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_27/2021", "content": "", "creation_timestamp": "2021-09-13T21:38:00.000000Z"}, {"uuid": "7a2a4df9-030a-4919-86a3-c6398ff93e24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=658", "content": "", "creation_timestamp": "2021-09-24T04:00:00.000000Z"}, {"uuid": "1119f98b-f237-4f63-99c8-4ab3d33d30c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2021-30860", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:55.000000Z"}, {"uuid": "0289e37a-a71e-4f41-a29a-317ed42816a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/555", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2021\nDescription: Scan for evidence of CVE-2021-30860 (FORCEDENTRY) exploit\nURL: https://github.com/Levilutz/CVE-2021-30860", "creation_timestamp": "2021-09-18T22:20:13.000000Z"}, {"uuid": "e79056f4-e1dc-4789-8420-d7aa6efa4a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=646", "content": "", "creation_timestamp": "2021-09-14T04:00:00.000000Z"}, {"uuid": "0f860a17-252f-4ec1-8565-ea1221ef6f7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c6db78c6-b742-4dae-8507-8e235d2514a6", "content": "", "creation_timestamp": "2026-02-02T12:28:36.172768Z"}, {"uuid": "5811b104-ddb9-422e-a9a8-221d2f605b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://bsky.app/profile/irc-was-better.bsky.social/post/3mis6xc5kmc2p", "content": "", "creation_timestamp": "2026-04-06T02:14:40.585086Z"}, {"uuid": "801d7260-87f3-4e9c-809c-582a607e9ed3", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/cKure/7082", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Apple fixes \u201czero-click\u201d iMessage zero-day exploited to deliver spyware (CVE-2021-30860).\n\nApple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in attacks in the wild. About the vulnerabilities (CVE-2021-30860, CVE-2021-30858) Active exploitation of CVE-2021-30860, an integer overflow bug that could be exploited via a maliciously crafted PDF to achieve execution of malicious code on vulnerable devices, was flagged by researchers with The Citizen Lab.\n\nhttps://www.helpnetsecurity.com/2021/09/14/cve-2021-30860/", "creation_timestamp": "2021-09-14T16:22:18.000000Z"}, {"uuid": "120982b3-21ca-4ebb-b29d-5edfc14446d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/cKure/7075", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2021-30860: Israel \ud83c\uddee\ud83c\uddf1 sponsored Cyber-Crime firm NSO's Pegasus gets a slap as its exploit ('ForcedEntry') is captured, reversed by Citizenlab.ca team and patched by Apple \ud83c\udf4e.\n\nhttps://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/", "creation_timestamp": "2021-09-13T20:48:27.000000Z"}, {"uuid": "a0c69780-9db7-4315-8bbb-c71c510e6edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7140", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 Analysis of 
CVE-2021-30860.\n\nhttps://objective-see.com/blog/blog_0x67.html", "creation_timestamp": "2021-09-17T16:42:51.000000Z"}, {"uuid": "61cb5748-762d-4a49-975a-f26560cba0de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/378", "content": "What is this spyware for anyway? \ud83e\uddf2\n\nAs we understand, it is for surveillance.  \nBut who needs to be spied on and by whom? \n\nWell, first of all, the government. They need to spy on criminals or terrorists. \nBut besides that, they can use the spyware for other purposes and spy on any political or significant civilians without criminal activity. \nThis software can also be used for military purposes.  In addition to the government, private companies can also use these tools to spy on competitors and the like. \nIt is possible that some governments produce their own tools for targeted digital surveillance; many states buy the sophisticated technology for such surveillance from private companies. \nOf course, such tools may also be useful to some advanced attackers. \nFor example, to spy on and subsequently hack into companies or individuals. \nUnfortunately, in many cases surveillance software is used not for its intended purpose (to catch criminals), but for the purposes of violating the privacy of ordinary people.\nNevertheless, spyware can be very useful in preventing many crimes\n\u2728\n\nNow let's look at the tools and the exploits \n\nThe first thing we want to talk about is the forcedentry exploit \ud83c\udf4f\n\nWhen analyzing a phone infected with Pegasus, we discovered a zero-day exploit with zero clicks for iMessage. The exploit, called forcedentry, targeted Apple's image rendering library and was effective against Apple iOS, macOS and WatchOS devices. 
\nThe payload included 27 identical copies of a .gif file, \"which was actually a 748-byte Adobe PSD file,\" with each copy causing IMTranscoderAgent to fail on the device. It also included four different .gif files that were actually \"Adobe PDF files containing a JBIG2 encoded stream.\"\nThis vulnerability has been assigned the number CVE-2021-30860. \nThis vulnerability uses Apple's image rendering library, CoreGraphics, and does not require user intervention after opening a text message. \nApple has released a patch for this vulnerability: iPhone and iPad users should update to iOS 14.8 and iPadOS 14.8. \n\nHere's a scanner by the way if this vulnerability is on your device \nAlso here is an article explaining the details of this vulnerability, there will be a report about it and its discovery in the archive, also here is a detailed article about it \n\nI also want to tell you about an interesting spyware Predator, from Cytrox\ud83e\uddf2\n\nCytrox itself was founded in 2017 to provide governments with an \"operational cyber solution\" that involves collecting information from devices and cloud services. \n\nPitchbook defines their technology as \"cyber intelligence systems designed to keep governments safe\" and help them \"develop, manage and implement cyber intelligence collection across the network, allowing enterprises to collect intelligence from both endpoint devices and cloud services.\"\n\nPredator is developed by Cytrox and has been sold to the governments of several countries, including Armenia, Greece, etc. \nHowever, the perpetrators of the spyware attacks during 2021 are unknown. \nThe aim of the campaigns was to gain access to Android devices of specific targets. \nIn all cases, a link sent via email was used, mimicking a URL shortening service. When an unsuspecting victim clicked on the link, the browser was connected to a domain controlled by the cybercriminals, from which the malware was downloaded and which then displayed a legitimate site. 
\n\nWe are talking about the Alien malware, which downloads Predator, an espionage tool. The latter can perform various actions, including recording sound, adding certificates and hiding applications.\nIn August 2021, a zero-day vulnerability in Chrome, CVE-2021-38000, was used to upload a domain address into the Samsung browser without user input. Then it used Chrome zero-day vulnerabilities CVE-2021-37973 and CVE-2021-37976 to bypass browser sandbox and download spyware onto the smartphone\ud83e\ude78.\n\n#spyware #browsers #cve #exploit", "creation_timestamp": "2022-12-15T10:04:56.000000Z"}, {"uuid": "1c27e425-3c25-4ac1-aab6-bc3b05426c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/technical_private_cat/374", "content": "What is this spyware for anyway?\ud83e\uddf2\n\nAs we understand, it is needed for surveillance.  \nBut who needs to be watched, and who needs to do the watching? \n\nWell, first of all, the state. It needs to keep watch on criminals or terrorists. 
\nBut beyond that, they can misuse spyware and also watch political figures or prominent civilians who have no criminal activity. \nThis software can also be used for military purposes.  Besides the state, private companies can use these tools, to spy on competitors and the like. 
\nIt is quite possible that some governments build their own tools for targeted digital surveillance; many states buy the sophisticated technology that enables such surveillance from private companies. \nOf course, such tools can also be useful to some advanced attackers. \nFor example, for surveillance and the subsequent hacking of companies or private individuals. 
\nUnfortunately, in many cases surveillance software is used not for its intended purpose (catching criminals) but for purposes of their own that violate the privacy of ordinary people\nNevertheless, spyware can help a great deal in preventing many crimes \n\u2728\n\nNow let's go through the tools and exploits themselves \n\nFirst, I want to talk about the forcedentry exploit\ud83c\udf4f\n\nWhen analyzing a phone infected with Pegasus, 
a zero-day, zero-click exploit for iMessage was discovered. The exploit was named forcedentry; it targets Apple's image rendering library and was effective against Apple iOS, macOS and WatchOS devices. \nThe payload included 27 identical copies of a file with the .gif extension, \"which was actually a 748-byte Adobe PSD file\", with each copy causing IMTranscoderAgent to crash on the device. 
It also included four different .gif files that were actually \"Adobe PDF files containing a JBIG2-encoded stream\".\nThis vulnerability was assigned the number CVE-2021-30860. \nThis vulnerability uses Apple's image rendering library, CoreGraphics, and does not require user intervention after opening a text message. \nApple has released fixes for this vulnerability: iPhone and iPad users should update to iOS 14.8 and iPadOS 14.8. 
\nBy the way, here is a scanner that checks whether this vulnerability is on your device \nAlso, here is an article explaining the technical details of this vulnerability; the archive will contain a report on it and its discovery; and here is another detailed article about it \n\nI also want to talk about an interesting piece of spyware, Predator, from Cytrox\ud83e\uddf2\n\nCytrox itself was founded in 2017 to provide governments with an \"operational cyber solution\" that includes collecting 
information from devices and cloud services. \n\nPitchbook describes their technology as \"cyber intelligence systems designed to provide security\" to governments and to help in \"designing, managing and implementing cyber intelligence gathering in the network, enabling businesses to gather intelligence from both end devices and cloud services\"\n\nPredator was developed by Cytrox and sold 
to the governments of several countries, including Armenia, Greece, etc. \nHowever, those who carried out the spyware attacks during 2021 are unknown. \nThe aim of the campaigns was to gain access to the Android devices of specific targets. \nIn all cases, a link sent by email and imitating a URL shortening service was used. 
When an unsuspecting victim clicked the link, the browser connected to a domain controlled by the cybercriminals, from which the malware was downloaded, after which a legitimate site was displayed. \n\nThe malware in question is Alien, which loads Predator, an espionage tool. 
The latter can perform various actions, including recording audio, adding certificates and hiding applications.\nIn August 2021, the Chrome zero-day vulnerability CVE-2021-38000 was used to load a domain address in the Samsung browser without user involvement. 
Then the Chrome zero-day vulnerabilities CVE-2021-37973 and CVE-2021-37976 were used to bypass the browser \"sandbox\" and load spyware onto the smartphone\ud83e\ude78\n\n#spyware  #cve #exploit #tools", "creation_timestamp": "2023-02-01T04:39:41.000000Z"}, {"uuid": "b13431bc-0579-4ef7-91ac-ecd2cf994193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/alexmakus/4288", "content": "OK, details on the fixes in yesterday's update for Apple's operating systems, which patched the zero-day used by NSO to hack iPhones. \n\nwhoosh! 
\nDevices affected by CVE-2021-30860 per Apple:\nAll iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.\n\nhttps://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/", "creation_timestamp": "2021-09-14T13:03:03.000000Z"}, {"uuid": "fc78ee96-1a62-44c8-b840-0d0bc7bdd099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://t.me/itsec_news/515", "content": "\u200b\ud83d\udcc8 \u0412 2021-\u043e\u043c \u0433\u043e\u0434\u0443 Google \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0440\u0435\u043a\u043e\u0440\u0434\u043d\u044b\u0435 58 0Day-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\ud83d\udcac \u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 Google \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 58 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. \u042d\u0442\u043e \u0440\u0435\u043a\u043e\u0440\u0434\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e, \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 Project Zero \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 \u0435\u0451 \u0440\u0430\u0431\u043e\u0442\u044b \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 2014-\u0433\u043e \u0433\u043e\u0434\u0430. 
The previous record was 28 zero-day vulnerabilities, detected in 2015.\n\nTwo of last year's zero-day vulnerabilities attracted particular attention. One of them (CVE-2021-30860) was a zero-click vulnerability in iMessage. Operators of the Pegasus spyware used this issue to infect victims' phones, extract data and carry out other espionage.\n\nThe second vulnerability involved a sandbox escape in iOS. 
The exploit used only logic bugs, not memory corruption bugs, to get out of the sandbox.\n\nIn the Chromium web browser, a record number of zero-day vulnerabilities was found in 2021: 14. 
Of the 14 issues, 10 were remote code execution vulnerabilities in the renderer, 2 involved a sandbox escape, 1 involved an information leak, and 1 more was used to open a web page in Android apps other than Google Chrome.\n\n#Google #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-04-21T13:22:12.000000Z"}, {"uuid": "f4af854a-f2ba-427e-a3ff-b2c8cfcc53ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "published-proof-of-concept", "source": "https://t.me/m1swarr1or/32", "content": "Wow! An article analysing CVE-2021-30860 has come out.\nRCE in the CoreGraphics lib. 
(Apple)\n\nhttps://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html\n\nThis is only part 1, they promised a second one too :)\n\n#blog", "creation_timestamp": "2024-08-30T04:35:40.000000Z"}, {"uuid": "956f9c06-e121-4b29-8b00-b35523c320fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/alexmakus/4286", "content": "security updates are out:\niOS 14.8\niPadOS 14.8\nwatchOS 7.6.2\nmacOS Big Sur 11.6\n\ntwo vulnerabilities are fixed:\nCVE-2021-30860\nCVE-2021-30858\n\nas is often the case lately, \u00abApple is aware of a report that this issue may have been actively exploited.\u00bb\n\nsince one of the vulnerabilities was reported by Citizen Lab, it looks like this is finally a full fix for the hole that NSO was exploiting and that 
bypassed the Blastdoor protection in Messages", "creation_timestamp": "2021-09-13T17:41:24.000000Z"}, {"uuid": "037e9563-cd2f-44e7-b450-593ff1363762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "Telegram/20LfuZvljX72HsTVGJ40ZjAlvu_7fmw5vW-9YZUXJY3qsvXr", "content": "", "creation_timestamp": "2025-02-06T02:39:17.000000Z"}, {"uuid": "100bc1b1-92ac-4e02-8812-2da4f3c47c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/Teamx1945x/1042", "content": "FORCEDENTRY - NSO Group iMessage Zero-Click Exploit captured in the wild (CVE-2021-30860 - processing a maliciously crafted PDF may lead to arbitrary code execution)\n https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/", "creation_timestamp": "2024-03-29T18:27:13.000000Z"}, {"uuid": "df212757-777a-4480-ae8c-920d882840a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/freelearningtech/257", "content": "https://www.linkedin.com/posts/cybritexsecurity_cve-2021-30860-the-flaw-and-fix-of-a-zero-click-activity-6851480885175361536-dufI\n\n[CVE-2021-30860] The flaw and fix of a zero-click iOS 
vulnerability, exploited in the wild", "creation_timestamp": "2021-10-06T13:46:04.000000Z"}, {"uuid": "057031dd-1d90-44a0-ac39-a8b37c545f2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "Telegram/mrFRrRKCl_n8FdLnqbmec-iIFw1T11MEK0-tMGi4Xa9AaA", "content": "", "creation_timestamp": "2023-11-22T10:37:30.000000Z"}, {"uuid": "db06f0db-62ff-42f4-b16f-358f8611fde8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/arpsyndicate/943", "content": "#ExploitObserverAlert\n\nCVE-2021-30860\n\nDESCRIPTION: Exploit Observer has 32 entries related to CVE-2021-30860. An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. 
Apple is aware of a report that this issue may have been actively exploited.\n\nFIRST-EPSS: 0.001400000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-03T13:33:10.000000Z"}, {"uuid": "b08f2de4-8009-450e-b2d5-c4d079511150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/androidMalware/1303", "content": "FORCEDENTRY - NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860 - processing a maliciously crafted PDF may lead to arbitrary code execution)\nhttps://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/", "creation_timestamp": "2022-04-08T21:11:13.000000Z"}, {"uuid": "ca6258ac-3a34-404c-9e17-cecff82c86e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/hacker_trick/205", "content": "Scan for evidence of #CVE-2021-30860 (FORCEDENTRY) exploit\n\nhttps://github.com/Levilutz/CVE-2021-30860", "creation_timestamp": "2021-09-22T14:29:34.000000Z"}, {"uuid": "eb919b69-8c13-447b-a29b-ae759d5d4cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/auraxchan/25489", "content": "NSO Group iMessage Zero-Click Exploit Captured in the Wild (Citizen Lab)\n\n-While analyzing the phone of a Saudi activist infected with NSO Group\u2019s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. 
The exploit, which we call FORCEDENTRY, targets Apple\u2019s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.\n- We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY\u00a0has been in use since at least February 2021.\n- The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY\u00a0vulnerability CVE-2021-30860 and describes the vulnerability as \u201cprocessing a maliciously crafted PDF may lead to arbitrary code execution.\u201d\n- September 13th, Apple released an update.\n\n@auraxchan\nhttps://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/", "creation_timestamp": "2021-09-14T10:07:59.000000Z"}, {"uuid": "2f71fdd2-3ebc-47ef-a575-6ce48eb37991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "published-proof-of-concept", "source": "Telegram/pG2lTac29xYIFLDlccNIA62UGqSbTzllpk_oSXNqc1nMtg", "content": "", "creation_timestamp": "2021-09-22T23:58:46.000000Z"}, {"uuid": "b3bfc185-d395-4377-813c-99f4d53ab4c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/true_secator/2099", "content": "It is not often that you hear Apple admit to potential threats to the security of its OS. 
And there is no need, everything is clear anyway.\n\nApple has released update patches for iOS and macOS with a warning that the threats fall into the category of \u00abactively exploited\u00bb zeroday. Notably, the updates came out shortly before the presentation of the new device lineup.\n\nIt has become clear why Apple provided no details about the real attacks, since it is all tied up with political spy games that 
the company in no way wants to be associated with. \n\nThanks to the folks at Citizen Lab, who provided evidence linking the new KISMET and FORCEDENTRY exploits to the Pegasus spying tool from the notorious Israeli spyware vendor NSO Group, while the real attacks, as it turned out, targeted political activists in Bahrain.\n\nThe vulnerabilities CVE-2021-30858 and CVE-2021-30860, found in the WebKit and 
CoreGraphics components, can lead to arbitrary code execution when a malicious PDF file or web content is processed.\n\nThe threat affects all iPhones with iOS versions prior to 14.8, all Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and Apple Watches prior to watchOS 7.6.2.\n\nAccording to SecurityWeek, 64 zero-day attacks have been recorded since the start of 2021, 15 of which target security in the iOS and macOS operating systems, which 
is gradually eroding the myth of the unshakeable security of the flagship manufacturer Apple.\n\nUpdate without hesitation.", "creation_timestamp": "2021-09-14T15:05:00.000000Z"}, {"uuid": "174c1928-6abd-4d6a-8ac3-a374cd8ad838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/true_secator/2598", "content": "While the eyes of the world were focused on NSO Group and the associated intrigues around Pegasus, another Israeli firm was quietly selling similar spy software.\n\nAs has become known, a recently 
patched security vulnerability in iOS, the very one used by NSO Group, was also used by another spyware vendor to hack Apple devices. The company in question is QuaDream, a small firm that is less well known but also develops smartphone hacking tools for government clients.\n\nThis was reported by the Reuters agency, citing unnamed 
sources, noting that last year the two rival companies gained the same ability to remotely compromise Apple phones, without device owners needing to open any malicious links.\n\nThe compromise used the FORCEDENTRY exploit, which was tied to a flaw in iMessage and was used to bypass iOS protections and install spyware that 
allowed attackers to collect a huge amount of information: contacts, emails, files, messages and photos, as well as to gain access to the phone's camera and microphone. Specialists from Google Project Zero called FORCEDENTRY (CVE-2021-30860, CVSS score: 7.8) one of the most technically sophisticated exploits.\n\nQuaDream's spyware, called REIGN, works similarly to Pegasus and gives its users full 
control over the device. As is known, Apple fixed the bug in September 2021 and then sued NSO Group for abusing the exploit to attack iPhone devices.\n\nLet's wait and see what intrigues and investigations catch up with this company, since so far there is no information about the clients and potential victims of the spyware.\n\nIn addition, Reuters repeatedly tried to contact QuaDream for 
comment, sending messages to executives and business partners. One of the journalists even visited QuaDream's office in the Tel Aviv suburb of Ramat Gan last week, but no one opened the door. Israeli lawyer Vibeke Dank, whose email address is listed on QuaDream's company registration form, also did not reply to messages. 
Apple is also keeping quiet for now and is not commenting on QuaDream or on possible action against the company.\n\nThe second season of PegasusGate is on its way.", "creation_timestamp": "2022-02-07T17:00:49.000000Z"}, {"uuid": "ac740b44-46eb-4e02-b0a1-39fe3c215f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1903", "content": "|FORCEDENTRY, are you there?|\n\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0fI think many have not forgotten the data-only 0-click RCE exploit FORCEDENTRY that made a lot of noise a year ago (CVE-2021-30860, an integer overflow in the JBIG2 implementation for xpdf at Apple (JBIG2Stream::readTextRegionSeg(), by programming a JBIG2 weird machine in the parser), which 
is essentially part of CoreGraphics) via iMessage from NSO Group. That is, a PDF file arrives that claims to be a \".gif\", and because IMTranscoderAgent parsed exactly this kind of impostor outside the BlastDoor sandbox, the Israelis could achieve SBX. 
\u0412 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0431\u044b\u043b\u0430 \u043d\u0430\u043c\u043d\u043e\u0433\u043e \u0441\u043b\u043e\u0436\u043d\u0435\u0435 \u0438 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435: \u043d\u0430 \u043a\u0430\u043d\u0430\u043b\u0435, \u0442\u0443\u0442 \u0438 \u0442\u0443\u0442.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Google Project Zero \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0442\u043e\u0447\u043d\u044b\u0439 \u0441\u043b\u0435\u0434 \u043f\u043e\u0441\u043b\u0435 IMTranscoderAgent SBX \u0438 \u043a\u0430\u043a \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0432\u044b\u0434\u0432\u0438\u043d\u0443\u043b\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438:\n1\ufe0f\u20e3iMessage RCE \u27a1\ufe0f IMTranscoderAgent SBX \u27a1\ufe0f iOS kernel LPE\n2\ufe0f\u20e3iMessage RCE \u27a1\ufe0f IMTranscoderAgent SBX \u27a1\ufe0f some_service \u27a1\ufe0f iOS kernel LPE\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0434\u043b\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u043e\u0432 \u0438 \u043f\u043e \u0441\u0435\u0439 \u0434\u0435\u043d\u044c \u0441\u0442\u043e\u0438\u0442 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435\u0442 \u0441\u044d\u043c\u043f\u043b\u043e\u0432(\u043e\u0442\u0441\u044e\u0434\u0430 
\u043c\u043e\u0436\u0435\u043c \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0432\u044b\u0432\u043e\u0434, \u0447\u0442\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c\u0438 \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0442\u044c \u043d\u0435 \u0432\u044b\u0439\u0434\u0435\u0442). \u0412 \u044d\u0442\u043e\u043c \u043f\u043e\u0441\u0442\u0435 \u041c\u044d\u0442\u0442\u0430 \u043f\u043e\u043c\u0438\u043c\u043e \u0440\u0430\u0437\u0431\u043e\u0440\u0430 \u0430\u0442\u0430\u043a\u0438 \u0438\u0434\u0435\u0442 \u0440\u0435\u0447\u044c \u0438 \u043e \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0431\u0435\u0437 \u0438\u0441\u043f\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043e\u043a \u0438\u043b\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a \u0438\u043c\u0435\u043d\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u0431\u044b\u043b \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442(ELEGANTBOUNCER) \u0434\u043b\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 non-fileless(data-only) \u0430\u0442\u0430\u043a\u0438, \u043f\u0440\u0438\u0447\u0435\u043c \u043d\u0435 \u043e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u0441\u044d\u043c\u043f\u043b\u0430\u0445. 
\n\n\ud83d\udd16\u0411\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0432 \u0441\u0442\u0430\u0442\u044c\u0435 \u041c\u044d\u0442\u0442\u0430.\n\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0fI think that many have not forgotten about the FORCEDENTRY exploit that made a lot of noise a year ago (CVE-2021-30860, integer overflow in the JBIG2 implementation for xpdf in Apple (JBIG2Stream::readTextRegionSeg(), by programming the JBIG2 weird machine in the parser), which refers to CoreGraphics in fact) via iMessage from NSO Group. That is, a PDF file arrives to you, which is allegedly \".gif\" and due to the fact that IMTranscoderAgent analyzed just such impostors outside the BlastDoor sandbox, the Israelis could achieve SBX. In fact, the operation was much more complicated and you can read more: a  on the channel, here and here.\n\nMoreover, researchers from Google Project Zero were unable to establish an exact trace after IMTranscoderAgent SBX and, as an assumption, put forward several operating scenarios:\n1\ufe0f\u20e3iMessage RCE \u27a1\ufe0f IMTranscoderAgent SBX \u27a1\ufe0f iOS kernel LPE\n2\ufe0f\u20e3iMessage RCE \u27a1\ufe0f IMTranscoderAgent SBX \u27a1\ufe0f some_service \u27a1\ufe0f iOS kernel LPE\n\nThe problem for security guards to this day is that there are still no samples in the public domain (from here we can conclude that it will not be possible to detect using standard methods). In this post by Matt, in addition to analyzing the attack, we are talking about detecting without using regular expressions or checking the process name, eventually a tool for analyzing non-fileless(data-only) attack files was introduced, and not based on samples(ELEGANTBOUNCER). 
\n\n\ud83d\udd16You can read more in Matt's article.\n\n#NSO #PegasusSpyware #FORCEDENTRY #iOS #iMessage #forensics #security #expoitation #sbx #xpdf #weirdMachine #JBIG2", "creation_timestamp": "2022-12-21T14:45:16.000000Z"}, {"uuid": "73a56582-3c35-44e7-b748-1991629f766c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/androidMalware/1514", "content": "A Year in Review of 0-days Used In-the-Wild in 2021 by Google\nIn 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:\n - Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)\n - ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)\n - Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)\n\nFor the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:\n - IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)\n - XNU Kernel (CVE-2021-1782 & CVE-2021-30869)\n - CoreGraphics (CVE-2021-30860)\n - CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)\nhttps://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html", "creation_timestamp": "2022-04-27T11:03:23.000000Z"}, {"uuid": "b6e585f4-5d2a-4b0b-b916-069a2ecb8749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://t.me/cibsecurity/48538", "content": "\u203c CVE-2022-38171 \u203c\n\nXpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. 
This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:20:42.000000Z"}, {"uuid": "6b41200f-f460-47fb-a563-45ec80d469ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/4318", "content": "#Threat_Research\n1. Analysis of CVE-2021-30860\nthe flaw and fix of a zero-click vulnerability, exploited in the wild\nhttps://objective-see.com/blog/blog_0x67.html\n2. Shellcode Detection Using Real-Time Kernel Monitoring\nhttps://www.countercraftsec.com/blog/post/shellcode-detection-using-realtime-kernel-monitoring", "creation_timestamp": "2021-09-17T12:10:00.000000Z"}, {"uuid": "5609df3d-c2b5-45fa-83d3-a8d2e1cbe29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/thehackernews/1537", "content": "Apple releases urgent updates for iOS and macOS to patch 3 new 0-day flaws actively exploited in the wild.\n\nAttacks involve:\n\nCVE-2021-30860 \u2014 maliciously crafted PDFs\nCVE-2021-30858 \u2014 maliciously crafted web content\nCVE-2021-30869 \u2014 malicious app\n\nhttps://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html", "creation_timestamp": "2021-09-24T06:47:09.000000Z"}, {"uuid": "ede449e7-f6ad-44de-a552-59d053684efb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "exploited", "source": "https://t.me/thebugbountyhunter/5659", "content": "FORCEDENTRY - NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860 - processing a maliciously crafted PDF may lead to 
arbitrary code execution)\nhttps://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/", "creation_timestamp": "2021-09-14T00:07:44.000000Z"}, {"uuid": "b67cf3e1-8379-4806-b78c-8b89befafb26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "Telegram/mTyuG3h0cB4g1v1va2WNhZMX0yVR2sx0EGXeknjZc79Bkw", "content": "", "creation_timestamp": "2021-09-14T03:36:17.000000Z"}, {"uuid": "e2e20168-3485-4cc2-a9a2-4ca1dcd03067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30860", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/4416", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Sep 1-30)\nCVE-2021-40444 - Microsoft MSHTML RCE\nhttps://t.me/cybersecuritytechnologies/4276\nCVE-2021-26084 - Confluence Server Webwork OGNL Inj\nhttps://t.me/cybersecuritytechnologies/4202\nCVE-2021-22005 - vCenter Server contains - arbitrary file upload\nhttps://t.me/cybersecuritytechnologies/4401\nCVE-2021-30860 - Zero-Click iPhone Exploit\nhttps://t.me/cybersecuritytechnologies/4318\nCVE-2021-38647 - OMIGOD RCE Vuln in Multiple Azure Linux Deployments\nhttps://t.me/cybersecuritytechnologies/4315\nCVE-2021-30632 - Out of bounds write in V8\nhttps://t.me/cybersecuritytechnologies/4342\nCVE-2021-33035 - Code Execution in Apache OpenOffice\nhttps://t.me/cybersecuritytechnologies/4329\nCVE-2021-38112 - AWS WorkSpaces Desktop Client RCE\nhttps://t.me/cybersecuritytechnologies/4358\nCVE-2021-30740 / CVE-2021-30768 - A malicious application may be able to execute arbitrary code with kernel privileges\nhttps://mobile.twitter.com/infinityABCDE/status/1437596340222038017", "creation_timestamp": "2021-10-01T11:01:01.000000Z"}]}