A new actively exploited zero-day vulnerability in iOS has been disclosed by researchers from nostr:npub1h662kslx3s4e4y0ny97snasj8d0m22yld2xt6rn8zjpyj8nz4f7q8e0ec3.

This vulnerability is being used by the "BLASTPASS" exploit to deploy NSO Group's Pegasus mercenary spyware. The exploit involves a PassKit attachment containing malicious images, sent from an attacker's iMessage account to the victim. The researchers also note that no interaction is required from the victim for this exploit to work.

Apple has since released patches for this zero-day vulnerability. Both Apple & Citizen Lab urge iPhone users to update as soon as possible.

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Apple security advisory: https://support.apple.com/en-us/HT213905

#infosec #cybersecurity #zeroday #blastpass #citizenlab #nsogroup #pegasus #spyware #iOS #iPhone #iMessage #patchnow