Apple fixes bugs: even more devices are protected from Pegasus spyware

The corporation left no chance for spies, increasing the security of outdated devices.

Apple has released security updates for older iPhones to fix the zero-day vulnerability CVE-2023-41064, which was actively used to infect iOS devices with NSO Pegasus spyware.

CVE-2023-41064 is a remote code execution vulnerability that is exploited by sending malicious images via iMessage.

As Citizen Lab reported earlier this month, CVE-2023-41064 and a second vulnerability, CVE-2023-41061, were used in a zero-click attack chain dubbed BLASTPASS, which involves sending specially crafted images in iMessage PassKit attachments to install spyware. When a phone received and processed the attachment, it installed NSO's Pegasus spyware, even on fully patched iOS 16.6 devices.

After discovering the flaws, Apple released two bug fixes in macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2. The security updates have now been backported to iOS 15.7.9, iPadOS 15.7.9, macOS Monterey 12.6.9, and macOS Big Sur 11.7.10 to prevent the attack chain from being used on these devices.

The security updates cover all iPhone 6s, iPhone 7, first-generation iPhone SE, iPad Air 2, fourth-generation iPad mini, and seventh-generation iPod touch models. Although no attacks have been observed on macOS computers, the vulnerability can theoretically be exploited there, so we strongly recommend installing security updates.

The vulnerabilities were used to attack civil society representatives in Washington, DC. Civil society is a collection of different organizations, groups and individuals that act independently of the state and express the interests and needs of different segments of the population.
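A patch-level check for a device inventory against the fixed releases listed above, as an added example that is not part of the original post. The device names, the inventory rows and the status labels are constructed for illustration; versions are compared as numeric tuples because a string comparison would rank 11.7.9 above 11.7.10.

```python
# Added example: compare reported OS versions with the fixed releases
# named in the article. Inventory rows are constructed sample data.

# Fixed release per OS branch (major version), as listed in the article.
FIXED = {
    "iOS":     {16: (16, 6, 1), 15: (15, 7, 9)},
    "iPadOS":  {16: (16, 6, 1), 15: (15, 7, 9)},
    "macOS":   {13: (13, 5, 2), 12: (12, 6, 9), 11: (11, 7, 10)},
    "watchOS": {9: (9, 6, 2)},
}

def parse_version(text):
    """Turn '15.7' into (15, 7, 0) so versions compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, version_text):
    """Classify one device as patched, needs-update, or not covered."""
    branches = FIXED.get(platform)
    if branches is None:
        return "unknown-platform"
    version = parse_version(version_text)
    fixed = branches.get(version[0])
    if fixed is None:
        # The article names no fixed release for this major version,
        # so the script makes no claim either way.
        return "branch-not-listed"
    return "patched" if version >= fixed else "needs-update"

def audit(inventory):
    """Map each device name to its patch status."""
    return {name: patch_status(p, v) for name, p, v in inventory}

# Constructed sample inventory: (device name, platform, reported version).
SAMPLE_INVENTORY = [
    ("exec-iphone", "iOS", "16.6"),
    ("lab-iphone6s", "iOS", "15.7.9"),
    ("kiosk-ipad", "iPadOS", "15.7.8"),
    ("build-mac", "macOS", "11.7.10"),
    ("old-ipod", "iOS", "14.8.1"),
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:14} {status}")
```

Devices reported as `branch-not-listed` run a major version for which the article names no fixed release and need a separate review.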