We've come across a critical piece of cyber intelligence that warrants your immediate attention. Our open source intelligence monitoring indicates that a zero-click, zero-day iPhone exploit is in the wild.
Background on NSO Group's Pegasus Spyware
NSO Group's Pegasus is a sophisticated mercenary spyware that has gained notoriety for its ability to infiltrate smartphones and hand the operator a wide range of surveillance tools. Once installed, Pegasus can extract text messages, emails and call records, capture live voice calls made through popular encrypted messaging apps, and silently turn on the phone's cameras or microphones to record live footage and ambient sound, effectively turning the device into a surveillance tool. Developed by the Israeli firm NSO Group, Pegasus has been implicated in several controversies, particularly because it has been found on the phones of journalists, human rights activists and political dissidents, raising significant concerns about privacy, civil liberties and the misuse of surveillance technology.
What's the BLASTPASS Exploit Chain?
A zero-day, zero-click exploit chain, named "BLASTPASS" by Citizen Lab, which discovered it, has been found in active use against Apple devices. The chain can compromise iPhones running iOS 16.6, the most recent release at the time of discovery, without any interaction from the victim.
Mode of Operation: The exploit chain uses PassKit attachments containing malicious images, sent from the attacker's iMessage account to the intended victim. The victim does not need to open the message or tap the attachment.
Affected Devices: Devices impacted include iPhone 8 and later, all iPad Pro models, iPad Air (from 3rd generation and later), iPad (from 5th generation and later), and iPad mini (from 5th generation and later).
Apple's Response to BLASTPASS
Apple has already released iOS 16.6.1 and iPadOS 16.6.1 to address the two vulnerabilities in this chain: CVE-2023-41064, a buffer overflow in ImageIO triggered by a maliciously crafted image, and CVE-2023-41061, a validation issue in Wallet through which a maliciously crafted attachment can lead to arbitrary code execution.
Update Immediately: We strongly urge all Apple users to update their devices to iOS 16.6.1 or iPadOS 16.6.1 right away (Settings > General > Software Update), and to confirm the installed version afterwards rather than assuming the update completed.
Enable Lockdown Mode: Users at heightened risk because of their profile or profession should enable Lockdown Mode. Citizen Lab reports that Lockdown Mode blocks this particular attack.
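For anyone responsible for more than a handful of devices, "confirm the installed version" means comparing every device's reported OS version against 16.6.1. The script below is an added example written for this page, not code from DigitalStakeout, Apple or Citizen Lab. It reads a constructed, MDM-style inventory (the column names are assumptions, not any vendor's schema) and flags devices still below the fixed release. It assumes that 16.6.1 is the first iOS/iPadOS release containing the fix and that every later release keeps it; devices stuck on an older iOS major branch are flagged for manual review against Apple's own advisory rather than silently excused. The version comparison is done on integer tuples, because a naive string comparison puts a hypothetical "16.10" below "16.6.1".

```python
"""Flag iOS/iPadOS devices that have not received the BLASTPASS fix.

Added example, not DigitalStakeout's, Apple's or Citizen Lab's code.
Assumption: iOS/iPadOS 16.6.1 is the first release with the fix
(CVE-2023-41064, CVE-2023-41061) and all later releases keep it.
"""
import csv
import io

FIXED_VERSION = (16, 6, 1)  # iOS / iPadOS 16.6.1

# Constructed sample inventory in the shape an MDM CSV export might take.
# Column names and device IDs are assumptions; "16.10" is a hypothetical
# point release included only to show the string-comparison trap.
SAMPLE_INVENTORY = """\
device_id,os_name,os_version
ipad-001,iPadOS,16.6
iphone-002,iOS,16.6.1
iphone-003,iOS,16.10
iphone-004,iOS,17.0.2
iphone-005,iOS,15.7.8
iphone-006,iOS,16.6.1 (20G81)
"""


def parse_version(text):
    """Turn '16.6.1 (20G81)' into (16, 6, 1).

    A trailing build number is dropped and the tuple is padded to three
    components, so '16.6' becomes (16, 6, 0) and sorts below 16.6.1.
    """
    core = text.strip().split()[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_patched(version_text):
    """True if the reported version is 16.6.1 or later.

    Integer-tuple comparison avoids the lexicographic trap where the
    string '16.10' compares lower than '16.6.1'.
    """
    return parse_version(version_text) >= FIXED_VERSION


def unpatched_devices(inventory_csv):
    """Return the device_ids whose os_version is still below the fix."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [row["device_id"] for row in rows if not is_patched(row["os_version"])]


if __name__ == "__main__":
    for device in unpatched_devices(SAMPLE_INVENTORY):
        print("UPDATE REQUIRED:", device)
```

Run against a real export, the script lists only the devices that still need attention; anything it flags on iOS 15 or earlier may be a device that cannot run iOS 16 at all and should be checked against Apple's advisory for that branch.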
Stay Informed with Continuous Cyber Intelligence
In this age of fast-evolving zero-day threats, staying informed through continuous open source intelligence is your first line of defense.
As shown in the figure above, you can leverage DigitalStakeout to stay updated with the latest cyber threat intelligence. If you have any questions or require further assistance, our team is here to support you!