Apple has released a crucial security update for iPhones that fixes a zero-day vulnerability in iOS 16 which could allow attackers to remotely install spyware on a device without any interaction from the iPhone's owner.
The issue was found last week by the spyware research team Citizen Lab, which quickly alerted Apple.
The zero-click zero-day vulnerability was used to install NSO Group's Pegasus spyware on an iPhone belonging to a worker at a civil society organisation with offices in Washington, DC.
Pegasus is malware created by an Israeli company for use by government organisations. Once a phone is infected, the spyware transmits back data including pictures, texts, and audio and video recordings.
Just days after this issue was found, Apple released iOS 16.6.1, and even if you don’t think your iPhone will be targeted by spyware, you should still install this update.
Plenty of people will try to work out how to exploit this new vulnerability by reverse engineering iOS security patches, which increases the possibility of more widespread attacks.
For obvious reasons, Citizen Lab hasn't fully described the vulnerability, but the attack involves PassKit attachments containing malicious images, delivered over iMessage. PassKit is the framework underpinning Apple Pay and Wallet.
Citizen Lab states, “We expect to publish a more in-depth discussion of the exploit chain” in the future.
In the past few years, iOS security flaws have frequently made headlines, particularly when they were actively exploited before Apple became aware of them.
It's important to note that Citizen Lab says Apple's Lockdown Mode can shield users from this most recent attack, so if you are at risk of being targeted by state-sponsored spyware, it's definitely worth turning this option on.