Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

usonian

(13,836 posts)
Thu Sep 7, 2023, 04:14 PM Sep 2023

NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild. Apple has an update for ios. Check "Settings" now.

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

The update is 16.6.1

Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware.

The BLASTPASS Exploit Chain
We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

We expect to publish a more detailed discussion of the exploit chain in the future.
1 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild. Apple has an update for ios. Check "Settings" now. (Original Post) usonian Sep 2023 OP
Ha I knew it. Got a vanishing notification the other day. MutantAndProud Sep 2023 #1
Latest Discussions»Help & Search»Computer Help and Support»NSO Group iPhone Zero-Cli...