Apple Inc. has released a patch after internet security watchdog Citizen Lab identified a previously unknown vulnerability being exploited to deliver Israeli cyber-intelligence company NSO Group’s Pegasus spyware.
“Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware,” the multi-disciplinary laboratory said in a blog post.
Zero-click vulnerabilities get activated without a user even clicking on the malware. Citizen Lab referred to it as a zero-day or previously unknown malware.
Calling the spyware BLASTPASS, Citizen Lab said, “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.”
Citizen Lab “immediately disclosed our findings” to Apple and assisted in their investigation, the blog post said.
The iPhone maker issued two Common Vulnerabilities and Exposures (CVE) identifiers, entries in a list identifying security flaws, related to this exploit chain, Citizen Lab said.
Apple's support website lists CVE-2023-41064 and CVE-2023-41061 as the latest updates.
Apple has not issued any public statement on it yet. BQ Prime awaits a response to text queries sent to an Apple Inc. spokesperson.
Citizen Lab urged iPhone users to “immediately update their devices”.