Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) | allinfosecnews.com

Sept. 8, 2023, 8:39 a.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.” About the vulnerabilities CVE-2023-41064 is a buffer overflow vulnerability in the ImageI/O framework, which allows applications to read and … More →

The post …

0 day apple attachments attack attacker citizen lab cve cve-2023-41061 cve-2023-41064 don't miss exploit exploited hot stuff images imessage ios iphones lab latest macos malicious nso nso group patches pegasus pegasus spyware running spyware under version victim vulnerabilities zero-day zero-days zero-day vulnerabilities

More from www.helpnetsecurity.com / Help Net Security

US exposes scheme enabling North Korean IT workers to bypass sanctions 1 day, 16 hours ago | www.helpnetsecurity.com

bypass charges companies department +20

The importance of access controls in incident response 1 day, 18 hours ago | www.helpnetsecurity.com

access access control access controls access management +25

Kroll expands its document review capabilities to accelerate incident response 1 day, 19 hours ago | www.helpnetsecurity.com

accelerate capabilities carriers data +17

GitLab unveils AI capabilities to help organizations better secure their software 1 day, 20 hours ago | www.helpnetsecurity.com

ai capabilities build capabilities chat +17

The IT skills shortage situation is not expected to get any better 1 day, 23 hours ago | www.helpnetsecurity.com

american cybersecurity growth idc +16

Organizations struggle to defend against ransomware 1 day, 23 hours ago | www.helpnetsecurity.com

center critical infrastructure cybersecurity director +20

Too many ICS assets are exposed to the public internet 2 days ago | www.helpnetsecurity.com

assets attack attack surface attack surface management +21

New infosec products of the week: May 17, 2024 2 days ago | www.helpnetsecurity.com

alerts anti-spam automated broadband +20

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) 2 days, 16 hours ago | www.helpnetsecurity.com

attackers can clone cloning +26

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Consultant Sécurité SI Gouvernance - Risques - Conformité H/F - Strasbourg

@ Hifield | Strasbourg, France

View on infosec-jobs.com

Lead Security Specialist

@ KBR, Inc. | USA, Dallas, 8121 Lemmon Ave, Suite 550, Texas

View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France

View on infosec-jobs.com