Oddbean new post about | logout
Catalin Cimpanu | 1 years ago (raw) | export | reply | flag 
 Apple releases iOS and macOS security updates to fix two zero-days, one discovered by CitizenLab

https://support.apple.com/en-us/HT201222

https://files.mastodon.social/media_attachments/files/111/025/110/396/535/064/original/3b5ce0ed51305a47.png
Catalin Cimpanu | 1 years ago (raw) | root | parent | reply | flag 
 More on this from CitizenLab, which says both iOS zero-days were part of a zero-click no-user-interaction exploit chain named BLASTPASS.

The exploit was used in the wild to install the NSO Group Pegasus spyware on the latest version of iOS (16.6).

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/