Apple released a series of security updates on Thursday to address two zero-day exploits that were utilized to target an individual from a civil society organization based in Washington, D.C. These zero-day vulnerabilities, which refers to hacking techniques that were previously unknown to Apple, were discovered by researchers who promptly reported them to the company. The vulnerabilities involved a zero-click method that enabled attackers to deliver the infamous Pegasus spyware developed by NSO Group without any user interaction.
Key Takeaway
Apple released essential security updates to address two zero-day vulnerabilities that were exploited to target a member of a civil society organization in Washington, D.C. These vulnerabilities allowed for the remote deployment of the notorious Pegasus spyware developed by NSO Group. Apple promptly resolved the discovered exploits and urged all iPhone users to update their devices to the latest software version to safeguard against potential cyber threats.
The Discovery
Internet watchdog Citizen Lab, known for investigating government malware, uncovered one of the zero-day vulnerabilities, referred to as “BLASTPASS,” as it exploited PassKit, a framework that enables developers to integrate Apple Pay into their applications. This particular vulnerability allowed the hackers to target iPhone users without requiring any action on the part of the victim. Upon discovering the exploit, Citizen Lab promptly reported their findings to Apple, who developed and subsequently released a patch to address the issue.
Apple’s Response
Apple’s security update not only addressed the zero-day vulnerability reported by Citizen Lab but also acknowledged another vulnerability which Apple’s internal team discovered during their investigation. The company issued its gratitude to Citizen Lab for their assistance in identifying the exploits and promptly reporting them. Apple’s spokesperson declined to comment further and directed inquiries to the provided security update notes.
Ensuring User Security
In light of these discoveries, Citizen Lab strongly recommended that all iPhone users update their devices to the latest software version. By doing so, users can ensure that their devices are protected against potential attacks and mitigate the risk of falling victim to spyware or other cyber threats.