NewsBizkoot.com

BUSINESS News for MILLENIALAIRES

Apple fixes zero-day bugs used to deliver Pegasus spyware on iPhones; update your iOS, macOS now

2 min read

Apple has fixed two zero-day vulnerabilities actively being used to deliver Israel-based NSO Group’s Pegasus spyware on iPhones.

Internet watchdog group Citizen Lab, while checking the device of an individual employed by a Washington DC-based civil society organisation with international offices, found the zero-click vulnerability.

“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab said in a statement late on Thursday.

IANS

They refered to the exploit chain as ‘BLASTPASS’. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

Citizen Lab immediately disclosed our findings to Appleand assisted in their investigation.

Apple issued two CVEs related to this exploit chain (CVE-2023-41064 and CVE-2023-41061).

“We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance,” said the tech giant.

Apple MacBook Air 15-inch review

Apple MacBook Air 15-inchIBT

Citizen Lab has urged everyone to immediately update their devices.

“We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode,” the researchers said.

Apple’supdate will secure devices belonging to regular users, companies, and governments around the globe.

“The ‘BLASTPASS’ discovery highlights the incredible value to our collective cybersecurity of supporting civil society organizations,” said the watchdog.

(With inputs from IANS)

About Author