BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab
citizenlab.ca
Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

  • sebinspaceEnglish
    11 year ago

    Must be what the 16.6.1 update was for last night

    • MwalimuOPEnglish
      11 year ago

      Yes. The linked article points to Apple’s release notes.

      CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School