Emergency Security Update Addressing Two Zero-Days Affecting iPhones and Macs Released By Apple

Apple issued urgent security updates to address two newly discovered zero-day vulnerabilities. These vulnerabilities were exploited in attacks aimed at iPhone and Mac users, making a total of 13 zero-days fixed this year.The company acknowledged that these vulnerabilities may have been actively exploited, and they were found in the Image I/O and Wallet frameworks. They are identified as CVE-2023-41064 (discovered by Citizen Lab researchers) and CVE-2023-41061 (discovered by Apple).Additionally, Citizen Lab revealed that these vulnerabilities were exploited as part of a zero-click iMessage exploit chain called BLASTPASS. This exploit chain was used to deliver NSO Group's Pegasus spyware to fully updated iPhones (running iOS 16.6) through PassKit attachments containing malicious images.Read more...