Security News > 2023 > September > Apple races to patch the latest zero-day iPhone exploit
Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.
Researchers at Citizen Lab are referring to the exploit as BLASTPASS. The team said they immediately disclosed their findings to Apple when they first discovered an infected device owned by an individual employed by a Washington DC-based civil society organization with international offices.
Apple moved swiftly, assigning two CVEs to the exploit chain - CVE-2023-41064 and CVE-2023-41061 - and issuing updates for iOS and iPadOS. Apple and Citizen Lab also advised enabling Lockdown Mode, which blocks the attack, for at-risk users.
Citizen Lab said: "We commend Apple for their rapid investigative response and patch cycle, and we acknowledge the victim and their organization for their collaboration and assistance."
In the latter's case, Apple dealt with a validation issue with improved logic.
PassKit is the service for distributable passes added to a user's Apple wallet.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/09/08/apple_races_to_patch/
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-07 | CVE-2023-41064 | Classic Buffer Overflow vulnerability in Apple Ipados and Iphone OS A buffer overflow issue was addressed with improved memory handling. | 7.8 |
| 2023-09-07 | CVE-2023-41061 | Unspecified vulnerability in Apple Ipados A validation issue was addressed with improved logic. | 7.8 |