Sept. 13, 2023, 11:13 a.m. | Bruce Schneier

Schneier on Security www.schneier.com

Make sure you update your iPhones:


Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones.


The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.


“We refer …

