09:48
14:00
10:14
09:40
12:52
11:39
09:48
14:00
10:14
09:40
12:52
11:39
09:48
14:00
10:14
09:40
12:52
11:39
09:48
14:00
10:14
09:40
12:52
11:39
Apple has swiftly responded to a major security threat by releasing iOS 16.6.1, a critical update designed to fix a zero-day vulnerability discovered in iOS 16. The security flaw could allow attackers to remotely install spyware on an iPhone without any interaction from the device owner.
The vulnerability was found by Citizen Lab, a spyware research group, which immediately reported it to Apple. This particular zero-click zero-day exploit had been used to install the Pegasus spyware, developed by the NGO Group for use by government agencies, onto an iPhone owned by an employee of a civil society organization based in Washington DC.
The Pegasus spyware is known for its power to infect a phone and transmit data, including photos, messages, audio and video recordings, to attackers. The possibility of widespread use of this exploit prompted Apple to take swift action.
iOS 16.6.1 is a critical update that iPhone owners should install promptly, even if they do not believe they are likely targets for spyware. In the past, threat actors have back-analyzed iOS security updates to find vulnerabilities, so the need for immediate action becomes critical.
Citizen Lab, for security reasons, has not provided a comprehensive breakdown of the vulnerability. However, it is known that the exploit involves PassKit, the framework responsible for Apple Pay and Wallet, and malicious images sent via iMessage. Citizen Lab plans to release a more detailed discussion of the exploit chain in the future.
Apple's Lockdown Mode is highlighted by Citizen Lab as a protective measure against this particular exploit. For users who may be at risk of being targeted by state-sponsored spyware, enabling Lockdown Mode is strongly recommended. This mode adds an extra layer of security to protect sensitive information.