Security News > 2023 > September > Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware.
In a separate alert, Citizen Lab revealed that the twin flaws have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully-patched iPhones running iOS 16.6.
"The exploit chain was capable of compromising iPhones running the latest version of iOS without any interaction from the victim," the interdisciplinary laboratory said.
The latest updates also arrive more than a month after the company shipped fixes for an actively exploited kernel flaw.
News of the zero-days comes as the Chinese government is believed to have ordered a ban prohibiting central and state government officials from using iPhones and other foreign-branded devices for work in an attempt to reduce reliance on overseas technology and amid an escalating Sino-U.S. trade war.
"The real reason is: cybersecurity," Zuk Avraham, security researcher and founder of Zimperium, said in a post on X. "iPhones have an image of being the most secure phone... but in reality, iPhones are not safe at all against simple espionage."
News URL
https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)