The Pegasus spyware, marketed by the Israeli company NSO Group, has just made a very notable comeback. Last week the Canadian research laboratory Citizen Lab discovered the malware on the iPhone of an employee of a civil society organization based in Washington, DC. The infection is particularly worrying because it uses a new "zero-click" vulnerability called Blastpass, present in version 16.6 of iOS. In other words, the infection did not require any interaction on the part of the victim.
An update for iPhone, iPad, Mac and Apple Watch
Two flaws, named CVE-2023-41064 and CVE-2023-41061, were discovered in collaboration with Apple. The first is a buffer overflow in the Image I/O component that allows arbitrary code execution using a simple image. The second, in Wallet, allows arbitrary code execution using a PassKit attachment. The victim was infected simply by receiving attachments in iMessage, without any interaction on their part.
Apple reacted immediately by publishing update 16.6.1 for iOS and iPadOS, as well as macOS Ventura 13.5.2 and watchOS 9.6.2. The firm also added that Lockdown Mode can block this attack.