Apple has released a crucial security update to protect against another attack by the NSO Group, a rogue surveillance organization.
Citizen Lab discovered that the NSO Group had launched yet another unethical attack on free speech and citizens’ rights. This attack, known as a zero-click attack, can compromise iPhones running iOS 16.6 without any interaction from the victim. The attack involves sending malicious images through iMessage attachments. The victim doesn’t even need to view the image.
Upon discovering the attack, Citizen Lab alerted Apple, who promptly released a security update for all its devices. This update includes Lockdown Mode to safeguard against such attacks.
Apple’s support notes for the security update warn that these attacks may already be actively exploited. They state that “processing a maliciously crafted image may lead to arbitrary code execution” and that the attack is also viable against Wallet.
Apple expressed gratitude to The Citizen Lab at The University of Toronto’s Munk School for their assistance.
Citizen Lab has raised concerns about the mercenary spyware industry, stating that it undermines democracy, security, and human rights. They warn that these attacks are increasing in number and that it’s only a matter of time before criminals start using them.
Given the increasing number of zero-day vulnerabilities that Apple has patched this year, it’s crucial for individuals and IT professionals to take device security seriously. Users should be vigilant for any changes in device behavior, change passwords frequently, and exercise caution when leaving their devices unattended.
2023-09-08 18:00:03
Original from www.computerworld.com