BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab
citizenlab.ca
Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

  • some_guy@lemmy.sdf.orgEnglish
    6·
    10 months ago

    The fine folks at CitizenLab are doing such important work. I just want to call out what a net-benefit they are for us all. I can’t count how many times I see or hear their name in sec updates, sec podcasts, news stories, etc. Thank you to CitizenLab!

    • PlexSheep@feddit.deEnglish
      2·
      10 months ago

      I hear only good stuff from them. I think they were featured in the last episode of darkness diaries too.

    • Mwalimu@baraza.africaOPEnglish
      1·
      10 months ago

      Yes. The linked article points to Apple’s release notes.

      CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School

    • SmashingSquid@notyour.rodeo
      English
      142·
      10 months ago

      Who claims that anymore? Ever since covid there’s been tons of zero days updates. The only security benefit is not having extremely delayed updates like most android devices.

        • SmashingSquid@notyour.rodeo
          English
          41·
          10 months ago

          Yeah I’m an iphone person because I have no interest in side loading or any of that stuff, I just want it to work. I use it with medical devices and because of the fragmentation of android the medical device makers need to test and get approval for each phone model whereas on iOS because everything is the same OS its usually the first to get an app except for my newer insulin pump because they went with a managed android device as their included controller.

          If I were to go android I wouldn’t touch anything non google, especially after an article a few years ago I read that mentioned some OEM customizations actually adding vulnerabilities.

          • antizero99@lemmynsfw.comEnglish
            2·
            10 months ago

            I haven’t side loaded anything in years. In decades past I played around with custom roms and at some point I may look into the pixel roms for my older phones.

            Aside from the usual issues that popup with any os for any device, I’ve had very few problems and none that stopped me from using my device.

            I refuse to touch apple with someone’s else pole. I like being able to install apps that aren’t from the store and I can do that without having to hack my phone.

            I equate apple to AOL. When you are new to tech apple just works but when you learn that there is more out there than apples walled garden you look at android that let’s you do so much more and has so much more choice for hardware. Not to mention cost.