1. Home
  2. >
  3. Technology šŸ› ļø
Posted

Apple Pushes Emergency iOS Update to Fix Zero-Click iPhone Spyware Exploit

  • Apple rushes to fix new zero-click, zero-day iPhone exploit used to deploy Pegasus spyware
  • Exploit chains involve vulnerabilities in ImageIO and PassKit, allowing remote code execution
  • Citizen Lab researchers discovered the BLASTPASS exploit chain and disclosed it to Apple
  • Apple released iOS 16.6 updates to address the vulnerabilities CVE-2023-41064 and CVE-2023-41061
  • Users advised to update iOS/iPadOS immediately and enable Lockdown Mode for protection against Pegasus
theregister.com
Relevant topic timeline:
Hackers can use a hacking tool called Flipper Zero to spam iPhones with persistent pop-ups, disrupting the user experience and making the device nearly unusable.
Apple has released emergency security updates to fix two new zero-day vulnerabilities that were exploited in attacks targeting iPhone and Mac users, bringing the total number of exploited zero-days patched this year to 13.
Two zero-day vulnerabilities, CVE-2023-41064 and CVE-2023-41061, were exploited by NSO Group's Pegasus spyware to infect fully-patched iPhones running iOS 16.6 via PassKit attachments containing malicious images, prompting Citizen Lab to urge Apple users to update their devices and activate Lockdown Mode.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch security vulnerabilities used in a zero-click iMessage exploit chain that infected iPhones with NSO Group's Pegasus spyware.
Apple has released emergency security updates to fix three new zero-day vulnerabilities that were exploited to target iPhone and Mac users, bringing the total number of zero-days fixed this year to 16. The vulnerabilities allowed attackers to bypass signature validation, execute arbitrary code, and escalate privileges. The impacted devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey and newer, and Apple Watch Series 4 and later. The zero-days were discovered and reported by security researchers at Citizen Lab and Google's Threat Analysis Group.
The incomplete information provided by Apple and Google regarding critical zero-day vulnerabilities in their products has caused a blindspot, leaving numerous offerings from other developers unpatched.
Apple has released urgent security updates to patch vulnerabilities actively exploited, including flaws in WebKit, certificate validation, and kernel access, which were part of an exploit chain used to plant the Pegasus and Predator spyware.
Users of Apple's iPhone, iPad, Apple Watch, and Mac are being warned to update their devices immediately due to active and sophisticated spyware attacks targeting high-profile individuals, with the security update addressing three critical vulnerabilities.
The Xenomorph Android malware has been upgraded to target over 100 banking and crypto apps, using a new "mimic" feature to act as another app and a "ClickOnPoint" feature to simulate taps on a phone's screen, making it a highly dangerous strain of malware that users should avoid falling victim to at all costs.
Google has released an emergency patch for a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor, and the vulnerability has been linked to the zero-click iMessage exploit chain used to deploy the NSO Group's Pegasus spyware on compromised iPhones.
Apple has released an emergency patch to address a serious security flaw that may have already been exploited by attackers, marking the 16th documented zero-day exploit against Apple's iOS, iPadOS, and macOS-powered devices.