Apple Zero Click Spyware
An Apple zero-click iMessage exploit allows an attacker to infect iPhones with spyware without any interaction from the end user. The vulnerability is associated with two CVEs that have recently been seen exploited in the wild. Security researchers are referring to the exploit chain as BLASTPASS. BLASTPASS is being used to deploy the well-known commercial spyware Pegasus onto fully patched iPhones. The observed exploits were said to have involved PassKit attachments containing malicious images, sent from an attacker's iMessage account to the victim.
The two CVEs for this exploit are CVE-2023-41064 and CVE-2023-41061. CVE-2023-41064 is a vulnerability in which a malicious image triggers a buffer overflow, and CVE-2023-41061 is a validation vulnerability that is exploited via a malicious attachment. These issues have been addressed in Apple's most recent software updates for each platform it offers.
Terminal Brew recommends requiring all users to update any Apple devices to the most recent software update, in addition to further educating users about threats associated with spyware, messaging platforms and common phishing techniques.
Further details about this vulnerability can be found at https://www.bleepingcomputer.com/news/security/apple-zero-click-imessage-exploit-used-to-infect-iphones-with-spyware/