Update Your iPhone! New Spyware Attacks Targeting iOS 16.6 Captured in the Wild

Apple has issued emergency updates to iPhone and Mac users addressing two zero-day flaws exploited in a new wave of attacks by spyware operators.

The Citizen Lab at The University of Torontoʼs Munk School, notorious for its tireless fight against spyware, recently found a new zero-click vulnerability being actively exploited to deliver NSO Group’s infamous Pegasus malware.

“Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware,” the team says.

The exploit, dubbed BLASTPASS, leverages weaknesses in two key areas of Apple’s software: ImageIO and Wallet. All the attacker has to do is to send a malicious Pass to the victim via iMessage, in a typical zero-click attack, as most spyware attacks go on iOS.

“The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim,” the team wrote, before promising to follow up with “a more detailed discussion of the exploit chain in the future.”

The two flaws leveraged in this exploit – CVE-2023-41064and CVE-2023-41061 – are addressed in Apple’s emergency updates issued Sept. 7:

iOS 16.6.1 and iPadOS 16.6.1

macOS Ventura 13.5.2

watchOS 9.6.2

Both Apple and The Citizen Lab recommend enabling Lockdown Mode, the iPhone’s extreme protection measure against mercenary spyware, to those who feel they may be targeted with surveillance software or spyware. Note that Lockdown Mode is designed to “cripple” some apps and features to reduce the attack surface of your device.

Bitdefender recommends that Apple customers also deploy a dedicated security solution on their iPhones and Macs to fend off the wider palette of cyberthreats, including malware, phishing, fraud, etc.

At Black Hat USA 2023, Bitdefender presented the macOS Threat Landscape Report, highlighting some of the key threats targeting Apple computers today.