Marczak, who was speaking at TechCrunch Disrupt on Thursday, said this vulnerability resulted from a failed attempt to hack this U.S.-based victim’s device. The vulnerability was used as part of an exploit chain that Citizen Lab named BLASTPASS, because it involved PassKit, a framework that allows developers to include Apple Pay in their apps. The target was a person working for an unnamed Washington-based organization. Earlier in September, Citizen Lab said it discovered evidence of a zero-click vulnerability on a fully up-to-date iPhone (at the time) to plant the Pegasus spyware, developed by NSO Group. This is the second high-profile security update dropped by Apple this month. government denylist earlier this year, effectively banning U.S. Both Cytrox and Intellexa were added to a U.S. Predator is a spyware, developed by Cytrox, a subsidiary of Intellexa, that can steal the contents of a person’s phone when planted, often by way of spoofed text messages pointing to malicious websites. In blog posts published Friday, both Google and Citizen Lab confirmed that Apple’s latest updates were to block an exploit used to plant the Predator spyware on the phone of an Egyptian presidential candidate. The bugs were discovered by Maddie Stone, a researcher at Google’s Threat Analysis Group, which investigates state-backed threats, and Citizen Lab’s Bill Marczak. Apple back-ported the bug fix to iOS 16.7, as well as older versions of macOS Ventura and Monterey, and watchOS. The bug fixes come just days after the release of iOS 17, which includes a range of new security and privacy features aimed at limiting the risk from cyberattacks, such as spyware.įor its part, Apple said it is only aware of active exploitation targeting users running iOS 16.7 and earlier. These three vulnerabilities form part of an exploit chain, where the bugs are used together to gain access to a target’s device. The three vulnerabilities include a flaw in WebKit, the browser engine that powers Safari a certificate validation bug that can allow a malicious app to run on an affected device and a third bug that can be used to get broader access to the kernel, the core of the operating system. Apple on Thursday released urgent security updates for iPhones, iPads, Macs, Apple Watch, and Safari users to patch against three vulnerabilities that Apple says are being actively exploited.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |