Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
16.1K views | +0 today
Follow
Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Education Technology
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Apple zero-click iMessage exploit used to infect iPhones with spyware

Apple zero-click iMessage exploit used to infect iPhones with spyware | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From www.bleepingcomputer.com - September 14, 2023 3:45 PM

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones.

The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

https://www.scoop.it/topic/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Blastpass

 

Gust MEES's insight:

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones.

The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

https://www.scoop.it/topic/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Blastpass

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Apple backports BLASTPASS zero-day fixes to older iPhones

Apple backports BLASTPASS zero-day fixes to older iPhones | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From www.bleepingcomputer.com - September 12, 2023 10:03 AM

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.

CVE-2023-31064 is a remote code execution flaw that is exploited by sending maliciously crafted images via iMessage.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

Gust MEES's insight:

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.

CVE-2023-31064 is a remote code execution flaw that is exploited by sending maliciously crafted images via iMessage.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn