Apple releases macOS, iOS, iPadOS, and watchOS updates to address two zero-day flaws that Citizen Lab says were used to deliver NSO Group's Pegasus spyware
Apple released software updates on Thursday to address two zero-day vulnerabilities that researchers said were used …
The Record · Joe Warminsky
Related Coverage
- NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild The Citizen Lab · John Scott-Railton
- About the security content of iOS 16.6.1 and iPadOS 16.6.1 Apple Support
- Apple security releases Apple Support
- Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS Ars Technica · Andrew Cunningham
- Apple fixes zero-day bugs used to plant Pegasus spyware TechCrunch · Lorenzo Franceschi-Bicchierai
- PSA: Make Sure to Update, iOS 16.6.1 and macOS 13.5.2 Address Actively Exploited Vulnerability MacRumors · Juli Clover
- Apple discloses 2 new zero-days exploited to attack iPhones, Macs BleepingComputer · Sergiu Gatlan
- iOS 16.6.1 fixes a big iPhone security vulnerability used to install Pegasus spyware The Verge · Tom Warren
- Citizen Lab Says US iPhone Hacked With Israeli NSO Spyware Bloomberg · Jamie Tarabay
- Apple races to patch the latest zero-day iPhone exploit The Register · Richard Speed
- Exploit that delivered Pegasus spyware patched in iOS 16.6.1 update AppleInsider · Amber Neely
- Update your iPhone now to patch a major ‘Pegasus’ vulnerability Engadget · Steve Dent
- Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones The Hacker News
- Update your iPhone: Apple just pushed out a significant security update Associated Press
- Update your iPhone and iPad now - Apple just fixed a big iOS and iPadOS security flaw TechRadar · Mark Wilson
- Apple fixes exploited security flaws with iPadOS & iOS 16.6.1, watchOS 9.6.2, macOS Ventura 13.5.2 updates AppleInsider · Mike Wuerthele
- Apple issues emergency patch after Pegasus spyware breach Financial Times · Mehul Srivastava
- iOS 16.6.1 Now Available, Addresses and Patches Security Exploits iPhone in Canada Blog · Steve Vegvari
- Latest iOS 16 update fixes major security problem on iPhones Android Headlines · Kristijan Lucic
- Apple Patches Two Zero-Days Exploited in Pegasus Attacks Infosecurity · Phil Muncaster
- Apple patches zero-day exploits Cybernews.com · Gintaras Radauskas
- Apple releases security update for flaw exploited by Pegasus spyware Silicon Republic · Vish Gain
- Malware: The NSO Group and a Timeline Beyond Search · Stephen E. Arnold
- Accidental find reveals vulnerabilities in iOS exploited to deliver Pegasus spyware MediaNama · Pooja Upadhyay
- Urgent warning to Apple users as spyware infiltrates devices with zero clicks Metro.co.uk · Jessica Kwong
- Zero-days fixed by Apple were used to deliver NSO Group's Pegasus spyware Security Affairs · Pierluigi Paganini
- New flaw in Apple devices led to spyware infection, researchers say The Straits Times
- Apple Fixes Two Actively Exploited Flaws Decipher · Lindsey O'Donnell-Welch
- Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain Dark Reading
- Apple fixed zero-day exploit used by Pegasus spyware with iOS 16.6.1 9to5Mac · Filipe Espósito
- Apple Releases Emergency Security Updates to Fix Zero-day Exploits Used by NSO Group OPP.Today · Ron Davis
- Apple fixes two actively exploited zero-day flaws — update your iPhone and Mac now Tom's Guide · Anthony Spadafora
- Apple Patches Actively Exploited iOS, macOS Zero-Days SecurityWeek · Ryan Naraine
- iOS 16.6.1: Apple Suddenly Releases Crucial iPhone Update To Fix Wallet Forbes · David Phelan
- Apple launches iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 to fix two dangerous exploits iDownloadBlog.com · Christian Zibreg
- iOS 16.6.1: Update your iPhone now with this important security update Macworld · Jason Cross
- iOS 16.6.1: You Should Download This iPhone Update Now CNET · Zachary McAuliffe
- Apple releases iOS 16.6.1 with security bug fixes Supercharged · Omar Moharram
- iOS 16.6.1 patches security vulnerabilities in Wallet and more 9to5Mac · Chance Miller
- Apple developers drunk-coding: loading a simple image can “lead to arbitrary code execution, allowing a hacker to gain access to the operating system with a simple picture.” — It's 2023. — This is unacceptable for any operating system. — https://www.macrumors.com/... @taoeffect@mstdn.io · Greg Slepak
- It is time, once again, to update those devices! — PSA: Make Sure to Update, iOS 16.6.1 and macOS 13.5.2 Address Actively Exploited Vulnerability https://www.macrumors.com/... #iOS #macOS #iPadOS #Vulnerability #Exploit #InfoSec #Security #Update #TechNews @majorlinux@toot.majorshouse.com
- NSO group iPhone zero-click, zero-day exploit captured in the wild Hacker News
- Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS Ars OpenForum
Discussion
- John Scott-Railton (@jsrailton) on X: 🚨 Update your @apple products immediately! Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain. (No clicking required to infect latest iOS!) Found while checking civil society. Disclosed to Apple which rushed a patch 1/ https://citizenlab.ca/...
- Bill Marczak (@billmarczak) on X: We refer to the exploit as BLASTPASS, as it employed a PassKit (Wallet) attachment containing a malicious image, sent via iMessage. When the phone processed the attachment, the exploit hijacked control of Apple's “BlastDoor” framework for iMessage security.
- Tom Warren (@tomwarren) on X: Apple just fixed a massive iPhone security vulnerability today, with its iOS 16.6.1 release. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.” 😵🥴😬 https://citizenlab.ca/...
- Maddie Stone (@maddiestone) on X: Two ITW 0-days for iOS: ImageIO (CVE-2023-41064) discovered by Citizen Lab & Wallet (CVE-2023-41061) discovered by Apple. This is the first time that Apple has been publicly credited for an ITW 0day since we began tracking in 2014! Thank you Apple! 🥳 https://support.apple.com/...
- John Scott-Railton (@jsrailton) on X: 4/ UPDATE on #BLASTDOOR exploit: We believe, and @Apple's Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack. (Obviously you should also make sure to update!)
- Matt Suiche (@msuiche) on X: Given that the name is “BLASTPASS” and the target is iMessage, I assume this means that this is the first zero click exploit caught which includes a BlastDoor sandbox bypass introduced in iOS 14 2021. 🥲
- @citizenlab on X: 🚨🚨WE URGE EVERYONE TO UPDATE THEIR APPLE DEVICES AS SOON AS POSSIBLE. We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group's #Pegasus #spyware. https://citizenlab.ca/...
- Bill Marczak (@billmarczak) on X: Today, Apple released iOS 16.6.1, patching two vulnerabilities exploited by BLASTPASS in Wallet (CVE-2023-41061) and ImageIO (CVE-2023-41064) so update your iPhones! Also, if you're at risk because of who you are or what you do, please enable Lockdown Mode https://support.apple.c…
- Eva (@evacide) on X: Everybody go update your iPhones. The new 0-click vuln exploited by NSO Group is sent via a malicious image in iMessage. https://citizenlab.ca/...
- Bill Marczak (@billmarczak) on X: NEW: Last week, we @citizenlab captured a “zero-click” exploit used to install Pegasus on the latest version of iOS, 16.6. The exploit installed Pegasus without any interaction from the victim, and was virtually invisible https://citizenlab.ca/...
- John Scott-Railton (@jsrailton) on X: 2/ We found the #BLASTPASS exploit chain thanks to an unnamed victim. Once more, civil society is serving as the cybersecurity early warning system for... billions of devices around the world. Including you, if you're reading this on your iPhone. Or Mac.
- r/apple on Reddit: iPhone hacked through malicious pass sent via iMessage