San Francisco, Sep 8 (SocialNews.XYZ) Apple has fixed two zero-day vulnerabilities actively being used to deliver Israel-based NSO Group’s Pegasus spyware on iPhones.
Internet watchdog group Citizen Lab, while checking the device of an individual employed by a Washington DC-based civil society organisation with international offices, found the zero-click vulnerability.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab said in a statement late on Thursday.
They refered to the exploit chain as ‘BLASTPASS’. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.
Citizen Lab immediately disclosed our findings to Apple and assisted in their investigation.
Apple issued two CVEs related to this exploit chain (CVE-2023-41064 and CVE-2023-41061).
“We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance,” said the tech giant.
Citizen Lab has urged everyone to immediately update their devices.
“We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode,” the researchers said.
Apple’s update will secure devices belonging to regular users, companies, and governments around the globe.
“The 'BLASTPASS' discovery highlights the incredible value to our collective cybersecurity of supporting civil society organizations,” said the watchdog.
Source: IANS
About Gopi
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.
He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.
When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.
He can be reached at gopi@socialnews.xyz