Detect & Prioritize NSO Pegasus iPhone Spyware Vulnerabilities Using VMDR for Mobile Devices

Swapnil Ahirrao

Last updated on: October 17, 2022

Apple recently released iOS and iPadOS 14.8 as a security update that addresses 2 critical zero-day vulnerabilities used to deploy NSO Pegasus iPhone spyware. Qualys recommends that security teams immediately update all devices running iOS and iPadOS to the latest version. “Apple is aware of a report that this issue may have been actively exploited,” the company said in its security advisories.

The vulnerabilities affect iOS, iPadOS, watchOS, and macOS components, including Core Graphics and WebKit. This is the fourth time Apple has released an immediate security update (14.8) after a minor security update release (14.7.1), here to fix the critical vulnerability (CVE-2021-30860) that has been actively exploited. Successful exploitation may allow an application to execute arbitrary code with kernel privileges, so spyware like Pegasus can be easily deployed on affected devices and, by exploiting other vulnerabilities, gain access to the device.

CoreGraphics Arbitrary Code Execution Vulnerability

Apple released a patch to fix a critical arbitrary code execution vulnerability (CVE-2021-30860). This vulnerability has a CVSSv3.1 base score of 8.8 and should be prioritized for patching, because successful exploitation allows a remote attacker to execute arbitrary code on the target system when a specially crafted PDF file is opened. It affects the iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

WebKit Arbitrary Code Execution Vulnerability

Apple released a patch to fix a critical arbitrary code execution vulnerability (CVE-2021-30858). This vulnerability has a CVSSv3.1 base score of 8.8 and should be prioritized for patching, because successful exploitation allows a remote attacker to execute arbitrary code on the target system when a specially crafted web page is opened. It affects the iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices

Discover Assets Missing the Latest Android Security Patch and Update

The first step in managing these critical vulnerabilities and reducing risk is to identify the assets. Qualys VMDR for Mobile Devices makes it easy to identify the iOS and iPadOS assets that have not been updated to the latest version, iOS 14.8. To get comprehensive visibility of mobile devices, you need to install Qualys Cloud Agent for Android or iOS/iPadOS on all mobile devices. The device onboarding process is easy, and the inventory of mobile devices is free.

Query: vulnerabilities.vulnerability.title:"iOS 14.8"

Once you get the list of assets missing the latest security patch, navigate to the Vulnerability tab. Enter the query vulnerabilities.vulnerability.title:"iOS 14.8" and apply the Group By “Vulnerabilities” to get the list of CVEs that Apple fixes in the iOS and iPadOS 14.8 release. Qualys VMDR helps you understand what kind of risk you are taking by allowing an unpatched device to hold corporate data and connect to your corporate network.

Also, you can apply the Group By “CVE Ids” to get only the list of CVEs fixed by Apple in iOS and iPadOS 14.8 release.
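
The same check run offline, as an added example that is not Qualys code or part of the original post: it flags iOS/iPadOS devices in an inventory export that are below 14.8. The CSV layout, column names and device IDs are constructed for illustration; versions are compared numerically so that a value such as 14.10 is not mistaken for being older than 14.8.

```python
import csv
import io

FIXED = (14, 8)  # iOS/iPadOS release carrying both fixes, per the advisory above
CVES = ("CVE-2021-30860", "CVE-2021-30858")

# Constructed sample export; column names are assumptions, not a Qualys format.
# "14.10" is a made-up version used only to exercise numeric comparison.
SAMPLE_INVENTORY = """device_id,platform,os_version
ipad-001,iPadOS,14.7.1
iphone-002,iOS,14.8
iphone-003,iOS,14.10
iphone-004,iOS,15.0
pixel-005,Android,11
iphone-006,iOS,unknown
"""


def parse_version(text):
    """Turn '14.7.1' into (14, 7, 1); return None if any part is not a number."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(csv_text):
    """Classify each iOS/iPadOS row as 'patched', 'vulnerable' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["platform"].lower() not in ("ios", "ipados"):
            continue  # 14.8 is the fixed version for iOS/iPadOS only
        version = parse_version(row["os_version"])
        if version is None:
            status = "review"  # unparseable version: check the device by hand
        elif version >= FIXED:
            status = "patched"
        else:
            status = "vulnerable"
        results[row["device_id"]] = status
    return results


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        note = ", ".join(CVES) if status == "vulnerable" else ""
        print(f"{device:12} {status:10} {note}")
```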

QID 610367 is available in signature version SEM VULNSIGS-1.0.0.45, and there is no dependency on any specific Qualys Cloud Agent version.

With the VMDR for Mobile Devices dashboard, you can track the status of the assets that are missing the latest security patch and update. The dashboard is updated with the latest data collected by Qualys Cloud Agent for Android and iOS devices.

Remote Response Action

You can perform the “Send Message” action to ask end users to update their devices to the latest OS version. You may also provide step-by-step instructions for installing the security patch.

We recommend updating to the latest iOS and iPadOS version for the assets where vulnerabilities are detected as “Confirmed”.

Get Started Now

Qualys VMDR for Mobile Devices is available free for 30 days to help customers detect vulnerabilities, monitor critical device settings, and correlate updates with the correct app versions available on Google Play Store. You can try our solution by registering for the free 30-day service.
