Apple issues an urgent security update as the Pegasus spyware exploit is found targeting iPhones without any user interaction.
Apple has issued an urgent security update to fix a zero-click vulnerability that was being used to deliver NSO Group’s Pegasus spyware to iPhones.
The vulnerability, which was discovered by Citizen Lab, is known as BLASTPASS. It allows attackers to compromise iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involves PassKit attachments containing malicious images sent from an attacker’s iMessage account to the victim. When the victim opens the attachment, the malicious code is executed and the device is infected with Pegasus spyware.
Pegasus is a powerful spyware that can be used to track a victim’s location, record their calls and messages, and even access their camera and microphone. It has been used by governments to target journalists, activists, and political opponents.
Apple has released a security update that fixes the BLASTPASS vulnerability. The update is available for all iPhones running iOS 16.6 and later.
In a blog post, Citizen Lab also urged users to enable Lockdown Mode, a new feature that provides additional security protections for users who may be at risk of targeted attacks. Lockdown Mode disables a number of features on the iPhone, including iMessage attachments, wired connections, and Face ID authentication with unknown devices.
The BLASTPASS vulnerability is a serious security issue, but Apple’s quick response and patch cycle should help to protect users. The discovery of the vulnerability also highlights the importance of supporting civil society organizations, which often play a vital role in identifying and exposing these types of threats.
Here are some additional tips for protecting your iPhone from malware and other cyberattacks:
- Keep your software up to date.
- Only download apps from trusted sources.
- Use a strong password and enable two-factor authentication.
- Be careful about what links you click on and what files you open.
- Be suspicious of any emails or messages that ask for personal information.
- QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks
- Israeli spyware used in hacking phones of journalists globally
- Android Version of Sophisticated Pegasus Spyware Discovered
- Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
- European Spyware Vendor Offering Android and iOS Device Exploits