Zero-Click Exploit in iPhones
Schneier on Security www.schneier.com
Make sure you update your iPhones:
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones.
The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.
“We refer …