Anyone who regularly follows international news may have stumbled across the Pegasus spy software several times in the last few months. Israel-based cyber software company NSO Group develops this software, which can read a target’s text messages, listen to calls, track cell phone locations, and more. The software made headlines after several nations were found to be using it to spy on journalists, activists and other targets of interest.
Apparently, Apple’s current mobile operating system iOS 16.6 has a zero-day, zero-click exploit that discoverer Citizen Lab calls “Blastpass.” This means the exploit doesn’t need any user interaction to get active. Both PassKit and the Apple SDK are part of the process. This allows developers to simply integrate Apple Pay into their apps, send some malicious images via iMessage, and the exploit will activate without any action from the user. Citizen Lab successfully installed Pegasus on a target device using this exploit and immediately reported the matter to Apple.
A fix has now been implemented in iOS 16.6.1. Apple recommends that all users install the update as soon as possible. Apparently, the potential impact of the exploit is quite severe and far-reaching. Citizen Lab has even advised users concerned about their privacy to turn on iOS lock mode. This is a new iOS feature that severely limits the functions of Apple smartphones.
In other recent news, China has just banned the use of iPhones by government officials. This doesn’t necessarily have to be related to the current exploit. But Apple definitely has one or two issues with its iPhones at the moment.
