[KrebsOnSecurity] iOS /iPadOS users vulnerable to ZERO-CLICK surf-by malware install unless updated to 16.6.1 or engage lockdown mode

>On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim.

>“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” the researchers wrote.

>According to Citizen Lab, the exploit uses malicious images sent via iMessage, an embedded component of Apple’s iOS that has been the source of previous zero-click …

citizen lab click cybersecurity devices exploit exploitation flaw install ios ios devices ipados iphones lab latest lockdown lockdown mode malware mode researchers running spyware surf version victim vulnerable zero-click zero-day zero-day flaw