
Apple backports BLASTPASS zero-day fix to older iPhones
2023-09-12 13:42

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.

Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.

The security updates cover all iPhone 6s models, the iPhone 7, the first generation of the iPhone SE, the iPad Air 2, the fourth generation of the iPad mini, and the seventh generation of the iPod touch.

Three more zero-days in May. Two zero-days in April.



News URL

https://www.bleepingcomputer.com/news/security/apple-backports-blastpass-zero-day-fix-to-older-iphones/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2023-09-07 | CVE-2023-41064 | Classic Buffer Overflow vulnerability in Apple iPadOS and iPhone OS. A buffer overflow issue was addressed with improved memory handling. | local | low complexity | apple | CWE-120 | 7.8 |

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Apple | 68 | 212 | 1433 | 2208 | 257 | 4110 |