Apple recently released a critical security update for iOS 16, addressing a serious vulnerability that could allow attackers to gain control over iPhones and iPads without any user interaction. The exploit, known as “Blastpass,” is classified as a “zero-click, zero-day” attack and was used to deploy NSO Group’s notorious Pegasus spyware. Once installed, Pegasus grants the attacker access to a wide range of device functions, including reading text messages, eavesdropping on calls, exfiltrating and sharing images, and tracking the device’s location.
The Blastpass exploit was first discovered by Citizen Lab, a digital watchdog organization, which promptly reported the issue to Apple. Citizen Lab found that the exploit had been used to infiltrate the iPhone of an employee of a Washington DC-based organization and stated that it could compromise devices running the then-latest iOS 16.6 release without any interaction from the device owner.
In response to this critical security threat, Apple swiftly released iOS 16.6.1, accompanied by a succinct statement indicating that “a maliciously crafted attachment may result in arbitrary code execution.” Additionally, Citizen Lab recommended that individuals at risk consider activating Lockdown Mode, which is designed to impose stringent restrictions on Apple devices. Apple clarified that Lockdown Mode is intended for a “very small number of users who face grave, targeted threats to their digital security.” This feature seeks to enhance security in light of escalating threats, including a vulnerability identified in February 2023 that Apple suspected might have been actively exploited.
This security exploit has thrust the Pegasus spyware back into the spotlight, following its ban by the Biden administration earlier in the year. Pegasus, developed by the Israel-based NSO Group, generated significant controversy when it was employed by various nations for surveillance purposes, particularly targeting journalists and activists. One infamous case involved Saudi Arabia’s alleged use of Pegasus to spy on journalist Jamal Khashoggi, who tragically met his demise in Turkey.