Apple Patches Zero-Day Vulnerabilities That Allowed Covert Installation of Spyware on iOS and macOS


Apple has released security updates for iOS, iPadOS, macOS, and watchOS, closing zero-day vulnerabilities that could be exploited to deliver malicious payloads, including spyware, through “maliciously crafted images” or other file attachments.

The vulnerabilities are fixed in iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2. No updates have been provided for older versions, such as iOS 15 and macOS 12.

The vulnerabilities, assigned the CVE identifiers CVE-2023-41064 and CVE-2023-41061, were discovered by Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto. Collectively known as BLASTPASS, they pose a significant threat because they allow attackers to compromise a device merely by sending a specially crafted image or attachment via iMessage. No additional user interaction is required, which makes this a zero-click attack.

Citizen Lab noted that the BLASTPASS vulnerability “was used to install NSO Group’s Pegasus spyware,” referring to the Israeli developer’s suite of exploits targeting iOS and Android devices. To protect against such vulnerabilities even before they are discovered and patched, Apple introduced Lockdown Mode in iOS and macOS. This mode blocks many types of attachments and disables link previews, preventing the exploitation of similar vulnerabilities.

Author Profile

Vasyl Kolomiiets
I'm Vasyl Kolomiiets, a seasoned tech journalist regularly contributing to global publications. Having a profound background in information technologies, I seamlessly blended my technical expertise with my passion for writing, venturing into technology journalism. I've covered a wide range of topics including cutting-edge developments and their impacts on society, contributing to leading tech platforms.
