Whatsapp Calling For Mac10/22/2021
A Mac running macOS 10.13 or higher, or a Windows PC running Windows 10 64-bit version 1903 or newer. For now, WhatsApp said its nearly five-year-old desktop app for Mac and. WhatsApp is rolling out support for voice and video calling to its desktop app, the Facebook-owned messaging service said Thursday, providing relief to countless people sitting in front of computers who have had to reach for their phone every time their WhatsApp rang.
![]() As reported by TechCrunch: WhatsApp has been updated on macOS to bring support for video and audio calls on desktop, making it one of the best messaging apps on Mac. Sadly, the feature doesn't support group calling yet. Mi flash tool download for macToday, September 13th, Apple is releasing an update that patches CVE-2021-30860. The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.” It also provides instructions to fix your camera on many devices and with many voice and video calls applications. We believe that FORCEDENTRY has been in use since at least February 2021.Webcam issues on WhatsApp for Mac. Each copy of this file caused an IMTranscoderAgent crash on the device. Despite the extension, the file was actually a 748-byte Adobe PSD file. 27 copies of an identical file with the “.gif” extension. Gif” extension in Library/SMS/Attachments that we determined were sent to the phone immediately before it was hacked with NSO Group’s Pegasus spyware. ![]() Attribution to NSO GroupWe observed multiple distinctive elements that allowed us to make a high-confidence attribution to NSO Group: We are publishing limited technical information about CVE-2021-30860 at this time. They designated the FORCEDENTRY exploit CVE-2021-30860, and describe it as “ processing a maliciously crafted PDF may lead to arbitrary code execution.”The exploit works by exploiting an integer overflow vulnerability in Apple’s image rendering library (CoreGraphics). That process name was used in an attack with NSO Group’s Pegasus spyware on an Al Jazeera journalist in July 2020. The spyware installed by the FORCEDENTRY exploit used multiple process names, including the name “setframed”. The specific CASCADEFAIL artifact can be detected bySELECT "CASCADEFAIL" FROM ZLIVEUSAGE WHERE ZLIVEUSAGE.ZHASPROCESS NOT IN (SELECT Z_PK FROM ZPROCESS) We have only ever seen this type of incomplete deletion associated with NSO Group’s Pegasus spyware, and we believe that the bug is distinctive enough to point back to NSO. In CASCADEFAIL, an entry from the file’s ZPROCESS table is deleted, but not entries in the ZLIVEUSAGE table that refer to the deleted ZPROCESS entry. Whatsapp Calling Software Vulnerabilities OnMercenary spyware companies devote substantial resources to identifying software vulnerabilities on widely used applications and then package those exploits to eager government clients, creating a highly lucrative but widely abused commercial surveillance marketplace.Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating “despotism-as-a-service” for unaccountable government security agencies. Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations, as we and others have shown on multiple prior occasions, and as was the case again here.In 2016, we titled our report on the discovery of an iOS and MacOS Apple zero-day the “Million Dollar Dissident.” The title was chosen to reflect the huge sums that autocratic governments are willing to pay to hack their critics. ConclusionDespite promising their customers the utmost secrecy and confidentiality, NSO Group’s business model contains the seeds of their ongoing unmasking. We suspect that NSO Group developed FORCEDENTRY, which circumvents BlastDoor, in response to this mitigation. In 2019, WhatsApp fixed CVE-2019-3568, a zero-click vulnerability in WhatsApp calling that NSO Group used against more than 1400 phones in a two-week period during which it was observed, and in 2020, NSO Group employed the KISMET zero-click iMessage exploit.To our knowledge, the KISMET vulnerability was never publicly identified, though we suspect that the underlying vulnerability (if it still exists) can no longer be exploited via iMessage due to Apple’s introduction of the BlastDoor mitigation in iOS14. AcknowledgementsWe thank the targets of Pegasus spyware that have allowed us to analyze their devices, with a special thanks to the individual that worked with us on this case. Without intense engineering focus, we believe that they will continue to be heavily targeted, and successfully exploited. As presently engineered, many chat apps have become an irresistible soft target. Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them.
0 Comments
Leave a Reply.AuthorJosh ArchivesCategories |