The iOS 16.6.1 update Apple released on Wednesday includes a patch for the exploit chain that allowed Pegasus spyware to compromise iPhones running iOS 16.6 with no interaction from the victim.
The exploit was first discovered on an iPhone owned by an employee of a Washington DC-based civil society organization, and was used to install NSO Group’s Pegasus mercenary spyware.
Toronto’s Citizen Lab reports that the exploit involves PassKit attachments containing “malicious images sent from an attacker iMessage account to the victim.”
“We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
“The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.
“We expect to publish a more detailed discussion of the exploit chain in the future.”
Citizen Lab informed Apple about their findings, and the Cupertino firm promptly issued CVE-2023-41064 and CVE-2023-41061 related to the exploit chain. The iOS 16.6.1 patch fixes the security hole.
(Via AppleInsider)