If you’ve been keeping up with the spying world as of late, then the Pegasus spyware might ring some bells. Israel-based cyber-arms company NSO Group develops the software and has the capability of reading a target’s text messages, listening in on calls, tracking their location and more. The software made headlines after it was discovered that multiple nations have used it to spy on journalists, activists and other persons of interest.
Apparently, Apple’s recent iOS 16.6 mobile OS features a zero-day and zero-click, meaning no user interaction is required to use it, exploit dubbed “Blastpass” by its discoverer – Citizen Lab. The exploit apparently involves PassKit – and Apple SDK, allowing developers to integrate Apple Pay into their apps and some malicious images sent through iMessage to trigger the exploit. Citizen Lab successfully installed Pegasus on a target device using said exploit and immediately reported it to Apple.
A fix has now been implemented in iOS 16.6.1, and all users are advised to get the update as soon as possible. Apparently, the exploit is pretty severe and far-reaching since Citizen Lab even advised users concerned about their privacy to enable the iOS Lockdown mode – a recent iOS feature that severely restricts the functions of Apple devices.
In other recent news, China just banned the use of iPhones by government officials. We’re not speculating it is somehow connected to the exploit, but Apple is definitely going through a rough patch with its iPhones.