all InfoSec news
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)
Help Net Security www.helpnetsecurity.com
Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.” About the vulnerabilities CVE-2023-41064 is a buffer overflow vulnerability in the ImageI/O framework, which allows applications to read and … More
The post …
0 day apple attachments attack attacker citizen lab cve cve-2023-41061 cve-2023-41064 don't miss exploit exploited hot stuff images imessage ios iphones lab latest macos malicious nso nso group patches pegasus pegasus spyware running spyware under version victim vulnerabilities zero-day zero-days zero-day vulnerabilities