Apple has recently released patches to address two zero-day vulnerabilities that were being exploited by the notorious NSO Group’s Pegasus spyware. The vulnerabilities, known as CVE-2023-41064 and CVE-2023-41061, were actively exploited to compromise iPhones running the latest version of iOS without any interaction from the victim.
Cybersecurity research organization Citizen Lab discovered the exploit chain that enabled the compromise. The attack used PassKit attachments containing malicious images, which were sent from an attacker’s iMessage account to the victim. Citizen Lab named this exploit chain “BLASTPASS”.
CVE-2023-41064 is a buffer overflow flaw in the Image I/O framework, which allows applications to read and write various image file formats. With a maliciously crafted image, an attacker can trigger the vulnerability and achieve arbitrary code execution on the target device. The second vulnerability, CVE-2023-41061, is a validation issue in Apple’s Wallet. By exploiting this flaw with a malicious attachment, attackers can execute arbitrary code on the device.
While Citizen Lab reported CVE-2023-41064 to Apple, the tech giant discovered CVE-2023-41061 on its own while validating the existence of the first vulnerability. Both vulnerabilities have been promptly fixed in the iOS 16 branch. Apple has also addressed CVE-2023-41064 in the latest security update for macOS Ventura (13.5.2), and CVE-2023-41061 in watchOS 9.6.2. It is highly likely that these patches will be backported to older iOS, iPadOS, and macOS versions in the near future.
Citizen Lab emphasized that this recent discovery highlights the targeting of civil society organizations by highly sophisticated exploits and mercenary spyware. They have plans to publish a more detailed analysis of the exploit chain in the future. In the meantime, regular users are advised to update their devices as soon as possible. However, users who are at a higher risk of targeted cyberattacks, especially with spyware like Pegasus, should consider activating Lockdown Mode. According to Apple’s Security Engineering and Architecture team, Lockdown Mode can effectively block this particular attack.
In addition to enabling Lockdown Mode, users running the latest versions of Apple’s operating systems should also consider enabling Apple Rapid Security Response. This feature automatically installs security patches as soon as they become available, ensuring devices stay protected against emerging threats.
With the release of these patches, Apple has demonstrated its commitment to promptly addressing vulnerabilities and protecting its users from potential cyber threats. By continuing to prioritize security updates, Apple aims to maintain the trust and confidence of its customer base. Users are advised to remain vigilant and proactive in keeping their devices up to date with the latest security patches to stay protected from potential exploits.

