Electronic devices that aid in daily living have begun to take up greater space as technology advances. However, this convenience has resulted in some security issues. Data hackers are causing havoc in these diverse areas of application. Finally, a perilous condition was discovered in Apple devices, which are believed to be spyware-free. Apple has issued an urgent update to combat spyware.
Citizen Lab examined an Apple iPhone belonging to an employee of a Washington-based non-governmental organization last week and discovered that the Israeli NSO exploited the vulnerability to infect the Pegasus malware.
According to the researchers, the latest version of iOS (iOS 16.6) allowed the device to be compromised.
Following the researchers’ warning, Apple released a fresh update to address the problem. Users have been advised to apply the updated update.
The US government has blacklisted the Israeli corporation since 2021 for alleged spying of government officials and journalists.
Many devices are vulnerable
iOS 16.6.1 and iPadOS 16.6.1 – iPhone 8 and later, all models of iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, macOS Ventura 13.5.2 – macOS Ventura devices, and watchOS 9.6.2 – Apple Watch Series 4 and later are all vulnerable. In other words, nearly all of Apple’s newer products are vulnerable. To avoid becoming a victim of spyware, device users must update their devices as soon as possible.
Pattern of BLASTPASS attack
Citizen Lab, which found one of the flaws, warned that it is being actively abused on fully patched iPhones running iOS 16.6 as part of an attack pattern known as BLASTPASS, which does not require user intervention to distribute Pegasus.
While further technical specifics of the vulnerabilities have been suppressed due to the current exploit, the strategy circumvents Apple’s BlastDoor sandbox structure designed to thwart zero-click assaults.
“This latest finding demonstrates once again that civil society is being targeted by highly sophisticated exploits and paid spyware,” Citizen Lab said, adding that the issues were discovered last week during an examination of the device of an unidentified individual employed by a Washington, D.C.-based organization with international offices.