deltatux :donor: on Nostr: A new actively exploited zero-day vulnerability in iOS has been disclosed by ...
A new actively exploited zero-day vulnerability in iOS has been disclosed by researchers from npub1h662kslx3s4e4y0ny97snasj8d0m22yld2xt6rn8zjpyj8nz4f7q8e0ec3 (npub1h66…0ec3).
This vulnerability is being used by the "BLASTPASS" exploit to deploy NSO Group's Pegasus mercenary spyware. The exploit involves a PassKit attachment that contains malicious images sent from an attacker iMessage account to its victim. The researchers also note that no user interaction is required by the victim for this exploit to work.
Apple has since released patches for this zero-day vulnerability. Both Apple & Citizen Lab urges iPhone users to update as soon as possible.
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Apple security advisory: https://support.apple.com/en-us/HT213905
#infosec #cybersecurity #zeroday #blastpass #citizenlab #nsogroup #pegasus #spyware #iOS #iPhone #iMessage #patchnow
This vulnerability is being used by the "BLASTPASS" exploit to deploy NSO Group's Pegasus mercenary spyware. The exploit involves a PassKit attachment that contains malicious images sent from an attacker iMessage account to its victim. The researchers also note that no user interaction is required by the victim for this exploit to work.
Apple has since released patches for this zero-day vulnerability. Both Apple & Citizen Lab urges iPhone users to update as soon as possible.
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Apple security advisory: https://support.apple.com/en-us/HT213905
#infosec #cybersecurity #zeroday #blastpass #citizenlab #nsogroup #pegasus #spyware #iOS #iPhone #iMessage #patchnow