Apple Rolls Out iOS Update to Address iPhone Spyware Exploit
Apple has just released iOS 16.6.1 as an emergency security update after Citizen Lab found zero-click vulnerabilities in fully updated iPhones earlier this week. These vulnerabilities were used to deliver the Israeli NSO Group's "Pegasus" commercial spyware to phones without the knowledge of the phone's owner.
Citizen Lab first found the exploit on the phone of an employee of a Washington-based civil society organisation. The lab then reported its findings to Apple, and two CVEs were assigned to the attack: CVE-2023-41064 and CVE-2023-41061. Together they are known as the BlastPass exploit chain, which worked by sending malicious images from the attacker's iMessage account to the victim's device, abusing PassKit (the framework developers use to access Apple Wallet).
In cybersecurity, CVEs are used to reference and track known vulnerabilities across devices.
This attack primarily affects devices that have not been, or cannot be, updated to iOS 17. These include "iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later."
For these devices, Apple has issued an immediate security update after identifying the attack, and for users who need increased protection, Apple has confirmed that enabling "Lockdown Mode" blocks the attack chain.
We commend Apple for their rapid investigative response and patch cycle, and we acknowledge the victim and their organisation for their collaboration and assistance. This latest find shows once again that civil society is targeted by highly sophisticated exploits and mercenary spyware.
Citizen Lab
In the meantime, all users have to do is install the iOS 16.6.1 update, since attackers may already be exploiting these vulnerabilities. Citizen Lab hasn't disclosed all the details of its findings, but has stated that it will soon release a more detailed report on the matter.
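For anyone responsible for a fleet of devices, the practical check is whether every enrolled iPhone or iPad is already on 16.6.1 or newer. The script below is an added example, not code from the article or from Apple or Citizen Lab; it runs over a constructed device inventory (names and versions are made up, including the hypothetical "16.10" entry) and flags devices still below the patched version. The one subtlety it handles is that version strings must be compared numerically, field by field, because a plain string comparison would rank "16.10" below "16.6.1".

```python
# Added example: triage a constructed MDM-style inventory against the patched
# iOS version named in the article (16.6.1). Not the article's or Apple's code.
from typing import List, Tuple

PATCHED_VERSION = "16.6.1"  # the fix version the article reports


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '16.6.1' into (16, 6, 1).

    Naive string comparison gets this wrong: '16.10' < '16.6.1' as strings,
    but 16.10 would be the newer release. Integer tuples compare correctly.
    """
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(version: str, patched: str = PATCHED_VERSION) -> bool:
    """True if `version` is at least `patched`, padding short versions with 0
    so that '16.6' is treated as (16, 6, 0)."""
    a, b = parse_version(version), parse_version(patched)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


# Constructed sample inventory (device name, reported OS version); not real data.
INVENTORY: List[Tuple[str, str]] = [
    ("phone-alice", "16.6.1"),   # already patched
    ("phone-bob", "16.6"),       # one release behind
    ("ipad-carol", "16.5.1"),    # further behind
    ("phone-dave", "17.0"),      # newer major release
    ("phone-eve", "16.10"),      # hypothetical value to show numeric comparison
]


def devices_needing_update(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the names of devices whose version is below the patched version."""
    return [name for name, version in inventory if not is_patched(version)]


if __name__ == "__main__":
    for name in devices_needing_update(INVENTORY):
        print(f"{name}: update to iOS {PATCHED_VERSION} or later")
```

Note that an inventory check like this only tells you which devices still need the update; it cannot tell you whether Lockdown Mode is enabled or whether a device was already compromised, which is what the forthcoming Citizen Lab report is expected to help with.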
This is all we know for now, but we will make sure to keep you updated as new information becomes available.