 |
| iPhone/iPad users should update their operating systems immediately to patch the vulnerability. |
Specifically, Apple released the iOS/iPadOS 16.6.1 operating system update on September 7 to patch two zero-day vulnerabilities that could allow bad guys to track iPhones.
According to security researchers at the Citizen Lab at the University of Toronto, all Apple users should update their operating systems immediately to patch the vulnerability.
Accordingly, Citizen Lab conducted a test of the device of an individual working at a Washington social organization and discovered a zero-click vulnerability that had been exploited in the wild, used to deliver NSO Group's Pegasus spyware.
The vulnerability attacks iPhones running the latest operating systems (iOS/iPadOS 16.6) without any interaction from the victim. CVE-2023-41064, one of the two vulnerabilities, makes iPhones, iPads, Macs, and Apple Watches more vulnerable to attacks when processing “a maliciously crafted image.”
The vulnerability, CVE-2023-41061, resides in the Wallet functionality and poses a security issue if a device receives a “maliciously crafted attachment.”
In both cases, Apple said it received reports that the vulnerability may have been exploited. Citizen Lab reported the discovery to Apple and assisted the company in its investigation.
The new software updates apply to macOS Ventura, iOS, iPadOS, and watchOS devices. The patches are included in regular product updates and are not labeled as emergency security responses. The company has patched 13 zero-day vulnerabilities so far in 2023.
Since its development in 2011, Pegasus has been used globally to track objects. In recent years, world authorities have tried to block the software.
On iPhone and iPad, users can update the new operating system via OTA by accessing Settings > General > Software Update . watchOS 9.6.2 can be downloaded for free via the Apple Watch app on iPhone. Meanwhile, go to System Settings > Software Update to download macOS Ventura 13.5.2.
Source
Comment (0)