Table of Contents
Introduction:
ios update: A zero-day weakness in iOS 16 that might allow attackers to remotely install spyware on a device without the iPhone owner’s involvement has been fixed by Apple in a crucial security update for iPhones. The exploit was found last week by the spyware research team Citizen Lab, which quickly alerted Apple.
Apple on Thursday published an urgent software update of iOS to address the vulnerability caused by the contentious Pegasus spyware developed by Israel-based NSO Group that was found on iPhones and iPads.
ios update: Key information
- On Thursday, researchers at Citizen Lab, a division of the University of Toronto, claimed to have found the Pegasus malware on the Apple device of a worker for a Washington-based civil society organization.
- Pegasus enabled users to transmit iMessage attachments containing hidden code to unwitting recipients, or what Citizen Lab terms “BLASTPASS,” enabling the spyware to take control of the device’s operations “without any interaction from the victim,” according to the Citizen Lab statement.
- Another vulnerability affecting Apple Wallet, where customers save their credit and debit card information, is also fixed by the update, however, Apple did not provide any further information.
- Citizen Lab urges all Apple users to upgrade their devices and recommends those who may face “increased risk” to activate Lockdown Mode—an Apple emergency safeguard that lessens cyberattacks—despite the fact that the spyware has previously been suspected of targeting government officials and journalists.
- Regarding the Citizen Lab investigation, NSO told Reuters that it had no immediate reaction.
ios update: Important statement
The Citizen Lab statement reads, “This latest find demonstrates once more that civil society is targeted by highly sophisticated exploits and mercenary spyware.”
Also, read " How to connect Apple Watch to Android without iPhone: Unleash the Revolutionary Hack!"
ios update Insights
The malware created by NSO has drawn criticism for a number of years since it can steal contacts, images, videos, location information, encrypted chats, and text messages from devices without the owners’ awareness. House Democrats demanded that NSO be put on a “blacklist” and possibly subject to sanctions after a number of media outlets asserted that its malware may have been used in 2021 to target the devices of journalists and international leaders in countries including Morocco and France.
Later that year, the American government placed NSO on a no-fly list for allegedly spying on lawyers, journalists, and government officials. The owner of the famous messaging service WhatsApp, Meta, along with other tech behemoths including Amazon and Apple, sued NSO for abusing a flaw in the software after NSO used its spyware to hack into the app. The lawsuit, which is still pending, claims that over 1,400 persons, including journalists and human rights advocates, were spied on using the spyware. Because it served as an agent for foreign governments and couldn’t identify the targets, the Israeli corporation said it was immune from suit.
iOS update: Key indicators
In its statement, Citizen Lab indicated that it would soon provide further information on the exploit chain but did not name the employee or business that was affected.
Just days after this issue was found, Apple has now published iOS 16.6.1, and even if you don’t think your iPhone will be targeted by spyware, you should still apply this update. There are still a lot of people eager to try to figure out how to exploit this new vulnerability by reverse engineering iOS security patches, which increases the possibility of more extensive attacks.
For obvious reasons, Citizen Lab hasn’t fully outlined the vulnerability, but the exploit requires PassKit attachments that are stuffed with malicious photos and distributed via iMessage. PassKit is the framework underpinning Apple Pay and Wallet. In the future, Citizen Lab states, “We expect to publish a more in-depth discussion of the exploit chain.”
In the past few years, iOS security flaws have frequently made headlines, particularly when they were aggressively exploited before Apple became aware of them. Even better, Apple has created a Rapid Security Response mechanism that enables the addition of security updates to an iPhone without requiring a device reboot.
It’s important to note that Citizen Lab claims Apple’s Lockdown option can shield users from this most recent attack, so if you run the danger of being the victim of state-sponsored spyware, it’s definitely worth turning this option on.
