Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain
Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes.
Citizen Lab discovered two no-click zero-day vulnerabilities while checking an unidentified individual's device, which was delivering mercenary spyware from NSO Group's Pegasus.
Citizen Lab disclosed this information to Apple immediately and has assisted with the investigation. Apple, in turn, added two CVEs to this exploit chain: CVE-2023-41064 and CVE-2023-41061.
Researchers at Citizen Lab are calling the exploit chain "Blastpass," which can compromise iPhones running iOS 16.6.1 and tablets running iPadOS 16.6.1 without any victim interaction. "Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," the company said in a statement.
This vulnerability has been addressed in Apple's most recent round of patches, and researchers recommend users update their devices. Those who are at extremely high risk due to their identity or profession should enable lockdown mode, an extreme protection measure for those who might be targeted in sophisticated digital threats, though few are ever attacked in such a manner.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024