Apple fixes vulnerabilities that allowed spyware to be injected unnoticed

Apple fixes vulnerabilities that allowed spyware to be injected unnoticed on iOS and macOS

Apple has released security updates for iOS, iPadOS, macOS, and watchOS that address zero-day vulnerabilities that could be used to deliver malware and spyware “maliciously prepared image” or attachments in another format.

    Image source:

Image source:

The vulnerabilities are fixed in Apple iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2 and watchOS 9.6.2 updates. There were no updates for older versions – iOS 15 and macOS 12.

Vulnerabilities CVE-2023-41064 and CVE-2023-41061 discovered at the Citizen Lab of the University of Toronto Munch School of Global Affairs and Public Policy – ​​they have been given the generic designation BLASTPASS. Software bugs pose a fairly serious threat: for an attack, it is enough to simply send a special image or an attachment in a different format to the user via iMessage, which will be downloaded to the victim’s device – there were no further actions on the Device required part of user to infect the device. Therefore, such vulnerabilities belong to the zero-click class.

Citizen Lab added that the BLASTPASS vulnerability exists “Used to install NSO Group’s Pegasus spyware” – An Israeli developer has a full set of exploits to attack iOS and Android devices. To protect itself from such vulnerabilities, even if they have not yet been discovered and fixed, Apple has implemented what is known as “lockdown mode” in iOS and macOS – this blocks many types of attachments in particular and disables the link preview, thus preventing such exploits Mistake.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment