BLASTPASS iPhone Zero-Click, Zero-Day Exploit: Users Urged to Update Immediately

Apple has just issued an update for Apple products including iPhones, iPads, Mac computers, and Apple Watches. We encourage all users to immediately update their devices.

BLASTPASS iPhone Zero-Click, Zero-Day Exploit: Users Urged to Update Immediately
  • "Apple has just issued an update for Apple products including iPhones, iPads, Mac computers, and Apple Watches. We encourage all users to immediately update their devices."
  • "We urge all at-risk users to consider enabling Lockdown Mode as we believe it blocks this attack."
"We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim."
  • "The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
  • "Citizen Lab immediately disclosed our findings to Apple and assisted in their investigation. Apple issued two CVEs related to this exploit chain: (CVE-2023-41064 and CVE-2023-41061)."

Full Article
Archive