UofT lab finds critical Apple security issues
Apple has issued a new security software update for iPad and iPhone after Canadian researchers discovered severe vulnerabilities.
The Citizen Lab at The University of Toronto's Munk School of Global Affairs published its findings on Thursday.
"Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware," researchers stated.
The NSO Group is an Israeli cyber intelligence agency that created the Pegasus spyware. This spyware infects iPhones and Android devices.
According to a 2021 investigation by The Washington Post, Pegasus works in three steps: target, infect, and track.
"Someone sends what's known as a trap link to a smartphone that persuades the victim to tap and activate — or activates itself without any input, as in the most sophisticated 'zero-click' hacks," the investigative report reads.
Once infected, the spyware duplicates the phone's functions, can record from the camera and mic, and can see your location, call data, and contacts, among other things.
This information can then be used to track the victim and exploit them.
The Citizen Lab said the Blastpass exploit chain is being used here and could compromise iPhones running iOS 16.6 "without any interaction from the victim."
"The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim," the Lab added.
Apple was immediately told about this discovery, and its team quickly worked on a patch. It acknowledged The Citizen Lab in its update release.
"Processing a maliciously crafted image may lead to arbitrary code execution," said the tech giant. "Apple is aware of a report that this issue may have been actively exploited."
The new update is available, resolving ImageIO and Apple Wallet vulnerabilities on iPhone 8 and later models, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Take a few minutes to update all your Apple devices and ensure you're digitally secure.
You have Canadian researchers to thank for this one!