Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain

  /     /     /  
Publicated : 23/11/2024   Category : security


Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain


Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes.



Citizen Lab discovered two no-click zero-day vulnerabilities while checking an unidentified individuals device, which was delivering mercenary spyware from NSO Groups Pegasus.
Citizen Lab
 disclosed this information to
Apple
immediately and has assisted with the investigation. Apple, in turn, added two CVEs to this exploit chain: CVE-2023-41064 and CVE-2023-41061.
Researchers at Citizen Lab are calling the exploit chain Blastpass, which can compromise iPhones running iOS 16.6.1 and tablets running iPadOS 16.6.1 without any victim interaction. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited, the company said 
in a statement
.
This
vulnerability
has been addressed in Apples most recent round of patches, and researchers recommend users update their devices. Those who are at extremely high risk due to their identity or profession should enable 
lockdown mode,
 an extreme protection measure for those who might be targeted in sophisticated digital threats, though few are ever attacked in such a manner. 

Last News

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain