Security News > 2023 > September > Apple backports BLASTPASS zero-day fix to older iPhones
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.
The security updates cover all iPhone 6s models, the iPhone 7, the first generation of the iPhone SE, the iPad Air 2, the fourth generation of the iPad mini, and the seventh generation of the iPod touch.
Three more zero-days in May. Two zero-days in April.
Apple discloses 2 new zero-days exploited to attack iPhones, Macs.
Apple fixes new zero-day used in attacks against iPhones, Macs.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-07 | CVE-2023-41064 | Classic Buffer Overflow vulnerability in Apple Ipados and Iphone OS A buffer overflow issue was addressed with improved memory handling. | 7.8 |