A few years ago, there was a lot of uproar over Pegasus spyware being installed on mobile phones in India…
New Delhi:
A few years ago, there was a lot of furor about installing Pegasus spyware on mobile phones in India, and a large section of the population has come to know that just installing a software on a phone is enough for spying or harassment. .
Also read
A similar spyware or exploit chain has been reported by CitizenLab, a cyber research team at the University of Toronto, which has warned users of iPhones and other Apple products to update their phones or other products immediately. It is suggested to do so.
CitizenLab The micro-blogging website X (formerly known as Twitter) wrote, “While investigating a person’s device in Washington DC last week, Citizen Lab discovered that NSO Group’s Pegasus was exploiting the zero-click vulnerability.” Spyware was being delivered…”
🚨🚨We urge everyone to update their Apple devices as soon as possible.
We have got an actively exploited #Zero# Click Vulnerability that was exploited to deliver #NSO of the group #Pegasus#Spywarehttps://t.co/BS0ZI4QuIz
– Citizen Lab (@citizenlab) September 7, 2023
This exploit chain is called the BLASTPASS exploit chain. According to CitizenLab, this exploit chain was able to infect iPhones running the latest version of iOS (16.6) without ever having any contact with the victim phone. The exploit chain includes a passkey attachment, which allows pornographic images to be sent to the victim from the attacker’s iMessage account.
While promising to publish a more detailed report on the exploit chain in the future, CitizenLab said they soon disclosed their findings to Apple and assisted in their investigation. Apple also acted quickly, releasing two CVEs (CVE-2023-41064 and CVE-2023-41061).
It is recommended that all Apple users update their devices now, including iPhones, iPads, Mac computers, and other Apple products, including Apple watches. CitizenLab also praised Apple for its quick response and patch.