Apple has released iOS 16.6.1 for iPhones, which fixes an "actively exploited zero-click vulnerability". All iPhone and iPad owners should update their OS software immediately, as this is one of the most severe types of security issues. The vulnerability can be exploited with zero interaction from the victim; the attacker merely needs to send an iMessage with a maliciously crafted image. The Citizen Lab discovered the vulnerability — which they have dubbed "Blastpass" — being actively exploited in the wild and used to install NSO Group's Pegasus "mercenary spyware", which gives the attacker nearly complete access to the target device. The exploit involves "a validation issue" with the PassKit API in Wallet, in combination with a buffer overflow issue in Apple's image-processing framework. Buffer overflows are a common issue relating to memory handling, and a common cause of security vulnerabilities.
from Phone Scoop - Latest News https://ift.tt/iy086B9
No comments:
Post a Comment