NSO Group iPhone Zero-Click, Zero-Day Exploit Affecting Apple Users

Written by

Geoff Halstead

Published on

February 17, 2024

Reading time

1 min.

Recently we posted about the under-appreciated threat of Zero Day bugs and flaws in major Web Browsers. Usually, these are inadvertent mistakes or a convergence of factors that create the flaw accidentally.

The NSO Group is an example of an entirely different kind of threat, with the same or even worse impacts. Here you have a company with deep resources and expertise, selling its technology to nation state actors, to compromise the personal computing devices that we all use: welcome to the world of Spyware.

Action Needed

All at-risk users to consider enabling Lockdown Mode as Apple and Citizen Labs believe it blocks this attack.

More Details

Apple issued an update for Apple products including iPhones, iPads, Mac computers, and Apple Watches. We encourage all users to immediately update their devices. The exploit chain, referred to as BLASTPASS, was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

Citizen Labs

Apple

Related posts

AT&T Admits that Data of “Nearly All” Customers Was Breached in 2022

Reading Time: 2 min.

The New York Times reported today that AT&T disclosed a significant data breach affecting nearly all of its customers. The…

Read more

NSA Report Details the Extent and Effectiveness of PRC Exploitation of the Internet

Reading Time: 2 min.

The NSA release this week a comprehensive report with explicit details of the extent of the activity and ‘Tradecraft” of…

Read more

Chrome Browser Revealed to Secretly Spy on PCs

Reading Time: 1 min.

Luca Casonato 🏳️‍🌈 on Twitter / X Developer Luca Casonato posted a series of tweets on July 9. He revealed…

Read more

NSO Group iPhone Zero-Click, Zero-Day Exploit Affecting Apple Users

Recently we posted about the under-appreciated threat of Zero Day bugs and flaws in major Web Browsers. Usually, these are inadvertent mistakes or a convergence of factors that create the flaw accidentally. The NSO Group is an example of an entirely different kind of threat, with the same or even…

Reading Time: 1 min.

Recently we posted about the under-appreciated threat of Zero Day bugs and flaws in major Web Browsers. Usually, these are inadvertent mistakes or a convergence of factors that create the flaw accidentally.

The NSO Group is an example of an entirely different kind of threat, with the same or even worse impacts. Here you have a company with deep resources and expertise, selling its technology to nation state actors, to compromise the personal computing devices that we all use: welcome to the world of Spyware.

Action Needed

All at-risk users to consider enabling Lockdown Mode as Apple and Citizen Labs believe it blocks this attack.

More Details

Apple issued an update for Apple products including iPhones, iPads, Mac computers, and Apple Watches. We encourage all users to immediately update their devices. The exploit chain, referred to as BLASTPASS, was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

Citizen Labs

Apple

Tags:
If you liked this post, Share it on: