09-14-2023, 10:23 PM
AppleInsider - Exploit patched in iOS 16.6.1 update delivered Pegasus spyware
<div style="margin: 5px 5% 10px 5%;"><img src="https://www.sickgaming.net/blog/wp-content/uploads/2023/09/exploit-patched-in-ios-16-6-1-update-delivered-pegasus-spyware.jpg" width="1312" height="731" title="" alt="" /></div><div><div class="col-sm-12" id="article-hero" aria-labelledby="hero-cap" role="figure"> <a href="https://www.sickgaming.net/blog/wp-content/uploads/2023/09/exploit-patched-in-ios-16-6-1-update-delivered-pegasus-spyware.jpg"> <img decoding="async" src="https://www.sickgaming.net/blog/wp-content/uploads/2023/09/exploit-patched-in-ios-16-6-1-update-delivered-pegasus-spyware.jpg" alt> </a> </div>
<p class="col-sm-12 article-lead">Apple’s operating system updates on Thursday patched an exploit chain capable of compromising <a href="https://appleinsider.com/inside/ios" title="iOS" data-kpt="1">iOS</a> 16.6 devices with the Pegasus spyware without any interaction from the victim.
</p>
<div class="col-sm-12">
<p>The exploit was discovered on an <a href="https://appleinsider.com/inside/iphone" title="iPhone" data-kpt="1">iPhone</a> owned by an individual employed by a Washington DC-based civil society organization. The exploit was used to deliver NSO Group’s Pegasus mercenary spyware. </p>
</div>
<div class="col-sm-12">
<p>Toronto’s Citizen Lab <a href="https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/">states that</a> the exploit involves PassKit containing “malicious images sent from an attacker iMessage account to the victim.”
</p>
</div>
<div class="col-sm-12">
<p>Citizen Lab disclosed their findings to Apple, who promptly issued CVE-2023-41064 and CVE-2023-41061 related to the exploit chain. The iOS 16.6.1 patch fixes the security gap, and Thursday’s report from Citizen Lab confirms that.
</p>
</div>
<div class="col-sm-12">
<p>Both Citizen Lab and <em>AppleInsider</em> recommend that iPhone owners update their devices as soon as feasible. Users can download the security fix by opening the Settings app, tapping Software Update, and installing iOS 16.6.1 from the menu.
</p>
</div>
<div class="col-sm-12">
<p>The security researchers will publish a more detailed discussion of the exploit chain in the future.</p>
</div>
</div>
https://www.sickgaming.net/blog/2023/09/...s-spyware/
<div style="margin: 5px 5% 10px 5%;"><img src="https://www.sickgaming.net/blog/wp-content/uploads/2023/09/exploit-patched-in-ios-16-6-1-update-delivered-pegasus-spyware.jpg" width="1312" height="731" title="" alt="" /></div><div><div class="col-sm-12" id="article-hero" aria-labelledby="hero-cap" role="figure"> <a href="https://www.sickgaming.net/blog/wp-content/uploads/2023/09/exploit-patched-in-ios-16-6-1-update-delivered-pegasus-spyware.jpg"> <img decoding="async" src="https://www.sickgaming.net/blog/wp-content/uploads/2023/09/exploit-patched-in-ios-16-6-1-update-delivered-pegasus-spyware.jpg" alt> </a> </div>
<p class="col-sm-12 article-lead">Apple’s operating system updates on Thursday patched an exploit chain capable of compromising <a href="https://appleinsider.com/inside/ios" title="iOS" data-kpt="1">iOS</a> 16.6 devices with the Pegasus spyware without any interaction from the victim.
</p>
<div class="col-sm-12">
<p>The exploit was discovered on an <a href="https://appleinsider.com/inside/iphone" title="iPhone" data-kpt="1">iPhone</a> owned by an individual employed by a Washington DC-based civil society organization. The exploit was used to deliver NSO Group’s Pegasus mercenary spyware. </p>
</div>
<div class="col-sm-12">
<p>Toronto’s Citizen Lab <a href="https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/">states that</a> the exploit involves PassKit containing “malicious images sent from an attacker iMessage account to the victim.”
</p>
</div>
<div class="col-sm-12">
<p>Citizen Lab disclosed their findings to Apple, who promptly issued CVE-2023-41064 and CVE-2023-41061 related to the exploit chain. The iOS 16.6.1 patch fixes the security gap, and Thursday’s report from Citizen Lab confirms that.
</p>
</div>
<div class="col-sm-12">
<p>Both Citizen Lab and <em>AppleInsider</em> recommend that iPhone owners update their devices as soon as feasible. Users can download the security fix by opening the Settings app, tapping Software Update, and installing iOS 16.6.1 from the menu.
</p>
</div>
<div class="col-sm-12">
<p>The security researchers will publish a more detailed discussion of the exploit chain in the future.</p>
</div>
</div>
https://www.sickgaming.net/blog/2023/09/...s-spyware/