Apple releases macOS, iOS, iPadOS, and watchOS updates to address two zero-day flaws that Citizen Lab says were used to deliver NSO Group's Pegasus spyware
The Record Joe Warminsky
Related Coverage
- NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild The Citizen Lab
- iOS 16.6.1 for iPhone now available with important security fixes 9to5Mac
- Apple fixes zero-day bugs used to plant Pegasus spyware TechCrunch
- New flaw in Apple devices led to spyware infection, researchers say Reuters
- About the security content of iOS 16.6.1 and iPadOS 16.6.1 Apple Support
- ‘Update Immediately’—Serious iPhone Warning Issued by Binance CEO For ‘Billions Of Devices’ Forbes
- Exploit that delivered Pegasus spyware patched in iOS 16.6.1 update AppleInsider
- Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS Ars Technica
- Update your iPhone now to patch a major ‘Pegasus’ vulnerability Engadget
- Apple issues 2 CVEs to patch zero-day flaws used to deliver Pegasus spyware SC Media
- Update your iPhone: New iOS patch shuts down serious exploit Android Authority
- iOS 16.6.1 fixes a big iPhone security vulnerability used to install Pegasus spyware The Verge
- Researchers discover new flaws in Apple iPhones that allow attackers to take over your phone without your knowledge Tech Startups
- Apple Releases iOS, macOS, and watchOS Updates to Fix Critical Security Vulnerabilities Thurrott
- Apple fixes zero-click exploit that lets hackers spy on your iPhone MobileSyrup
- Is your iPhone safe? Apple releases security update after Pegasus spyware installed The Hill
- Apple Device Owners Must Stop Everything To Update Their iOS, macOS; It Fixes Critical Zero-Day Bugs International Business Times
- Update your iPhone and Mac now - Apple has fixed two major security bugs TechRadar
- iPhone Hacked Using Pegasus Spyware from Israel's NSO Group Bloomberg
- Apple discloses 2 new zero-days exploited to attack iPhones, Macs BleepingComputer
- Apple races to patch the latest zero-day iPhone exploit The Register
- Apple issues emergency patch after Pegasus spyware breach Financial Times
- Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones The Hacker News
- Malware: The NSO Group and a Timeline Beyond Search
- Latest iOS 16 update fixes major security problem on iPhones Android Headlines
- Accidental find reveals vulnerabilities in iOS exploited to deliver Pegasus spyware MediaNama
- Apple Patches Two Zero-Days Exploited in Pegasus Attacks Infosecurity
- Apple patches zero-day exploits Cybernews.com
- Update your iPhone: Apple just pushed out a significant security update Associated Press
- Apple releases security update for flaw exploited by Pegasus spyware Silicon Republic
- Zero-days fixed by Apple were used to deliver NSO Group's Pegasus spyware Security Affairs
- PSA: Make Sure to Update, iOS 16.6.1 and macOS 13.5.2 Address Actively Exploited Vulnerability MacRumors
- Apple security updates address vulnerabilities targeted by NSO Group SiliconANGLE
- Urgent warning to Apple users as spyware infiltrates devices with zero clicks Metro.co.uk
- Apple Fixes Two Actively Exploited Flaws Decipher
- Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain Dark Reading
- Apple developers drunk-coding: loading a simple image can “lead to arbitrary code execution, allowing a hacker to gain access to the operating system with a simple picture.” — It's 2023. — This is unacceptable for any operating system. — https://www.macrumors.com/... @taoeffect@mstdn.io
- It is time, once again, to update those devices! — PSA: Make Sure to Update, iOS 16.6.1 and macOS 13.5.2 Address Actively Exploited Vulnerability https://www.macrumors.com/... #iOS #macOS #iPadOS #Vulnerability #Exploit #InfoSec #Security #Update #TechNews — [image] @majorlinux@toot.majorshouse.com
- NSO group iPhone zero-click, zero-day exploit captured in the wild Hacker News
Discussion
-
@jsrailton
John Scott-Railton
on x
🚨 Update your @apple products immediately! Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain. (No clicking required to infect latest iOS!) Found while checking civil society. Disclosed to Apple which rushed a patch 1/ https://citizenlab.ca/... [image]
-
@billmarczak
Bill Marczak
on x
We refer to the exploit as BLASTPASS, as it employed a PassKit (Wallet) attachment containing a malicious image, sent via iMessage. When the phone processed the attachment, the exploit hijacked control of Apple's “BlastDoor” framework for iMessage security.
-
@jsrailton
John Scott-Railton
on x
Fascinating spin. NSO Group will have known *instantly* if Apple's update breaks their exploit (#BLASTPASS). Good example of how the notorious spyware company tries to misinform the public. From @MehulAtLarge https://www.ft.com/... [image]
-
@lorenzofb
Lorenzo Franceschi-Bicchierai
on x
UPDATE: Citizen Lab and Apple's security team believe Lockdown Mode would have blocked an attack done with the vulnerabilities discovered here. https://techcrunch.com/... [image]
-
@tomwarren
Tom Warren
on x
Apple just fixed a massive iPhone security vulnerability today, with its iOS 16.6.1 release. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.” 😵🥴😬 https://citizenlab.ca/... [image]
-
@jsrailton
John Scott-Railton
on x
2/ We found the #BLASTPASS exploit chain thanks to an unnamed victim. Once more, civil society is serving as the cybersecurity early warning system for... billions of devices around the world. Including you, if you're reading this on your iPhone. Or Mac. [image]
-
@jsrailton
John Scott-Railton
on x
4/ UPDATE on #BLASTDOOR exploit: We believe, and @Apple's Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack. (Obviously you should also make sure to update!) [image]
-
@billmarczak
Bill Marczak
on x
NEW: Last week, we @citizenlab captured a “zero-click” exploit used to install Pegasus on the latest version of iOS, 16.6. The exploit installed Pegasus without any interaction from the victim, and was virtually invisible https://citizenlab.ca/...
-
@citizenlab
@citizenlab
on x
🚨🚨WE URGE EVERYONE TO UPDATE THEIR APPLE DEVICES AS SOON AS POSSIBLE. We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group's #Pegasus #spyware. https://citizenlab.ca/...
-
@msuiche
Matt Suiche
on x
Given that the name is “BLASTPASS” and the target is iMessage, I assume this means that this is the first zero click exploit caught which includes a BlastDoor sandbox bypass introduced in iOS 14 2021. 🥲
-
@billmarczak
Bill Marczak
on x
Today, Apple released iOS 16.6.1, patching two vulnerabilities exploited by BLASTPASS in Wallet (CVE-2023-41061) and ImageIO (CVE-2023-41064) so update your iPhones! Also, if you're at risk because of who you are or what you do, please enable Lockdown Mode https://support.apple.c…
-
@evacide
Eva
on x
Everybody go update your iPhones. The new 0-click vuln exploited by NSO Group is sent via a malicious image in iMessage. https://citizenlab.ca/...
-
@maddiestone
Maddie Stone
on x
Two ITW 0-days for iOS: ImageIO (CVE-2023-41064) discovered by Citizen Lab & Wallet (CVE-2023-41061) discovered by Apple. This is the first time that Apple has been publicly credited for an ITW 0day since we began tracking in 2014! Thank you Apple! 🥳 https://support.apple.com/...
-
r/technews
on reddit
Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS | “BLASTPASS” bug can install malware without user interaction.
-
r/technology
on reddit
Apple fixes zero-day bugs used to plant Pegasus spyware | TechCrunch
-
r/apple
on reddit
iPhone hacked through malicious pass sent via iMessage