CATEGORIES
home News

Apple Plugs A Gaping Zero-Day Security Hole In iPhone And iPad, Install ASAP

by Nathan OrdFriday, September 08, 2023, 02:46 PM EDT
apple device zero click exploit chain leads to pegasus spyware
As we await the next generation of iPhone, Apple is engaged with other issues at the current moment, such as two new vulnerabilities discovered in iOS, iPadOS, watchOS, and MacOS. As such, Apple device owners should update their devices as soon as possible with the released security patch to prevent the infection chain for NSO Group’s Pegasus spyware.

At the top of September, The Citizen Lab was investigating the device of someone who worked in Washington, DC, at a “civil society organization with international offices.” In this investigation, the team found an actively exploited infection chain tied to the NSO Group’s Pegasus spyware. This exploit chain was dubbed BLASTPASS and was “capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.”

alert apple device zero click exploit chain leads to pegasus spyware

This infection chain was predicated on PassKit attachments with malicious images sent from a threat actor’s iMessage to the victim, who did not have to interact with the content, per The Citizen Lab report. Subsequently, the Lab sent its findings to Apple, whereupon two CVEs, or Common Vulnerabilities and Exposures, were generated: CVE-2023-41064 and CVE-2023-41061.

With this, Apple has pushed an update to iOS, iPadOS, watchOS, and MacOS that targets the vulnerabilities mentioned above within ImageIO and Wallet. Of course, it is highly recommended that Apple users update all their devices to this latest update to protect themselves from the infection chain. However, The Citizen Lab notes that “Apple’s Security Engineering and Architecture team has confirmed to [the Lab], that Lockdown Mode blocks this particular attack.”

For those unaware, Lockdown Mode is an option available in iOS 16, iPadOS 16, and macOS Ventura that reduces the attack surface of the device by disabling certain functions. Therefore, if you think you are at risk, it is worth enabling this setting as it seems to disrupt many of these zero-day, zero-click exploit chains for Apple.
Tags:  Apple, security, cybersecurity, (NASDAQ:AAPL)
Nathan Ord

Nathan Ord

Nathan Ord is a tech nerd through and through.  Following any technology, from home and business applications to VR, anything is up his alley.  Starting out as the family repair guy and local "tech expert" for those around him, he helped out wherever he could.  Nathan came aboard HotHardware in 2020 and continuously enjoys what he does.  In his free time, he enjoys volunteering, playing video games, and just relaxing with friends. 
Opinions and content posted by HotHardware contributors are their own.
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment