UofT lab finds critical Apple security issues

Apple has issued a new security software update for iPad and iPhone after Canadian researchers discovered severe vulnerabilities.

The Citizen Lab at The University of Toronto's Munk School of Global Affairs published its findings on Thursday.

"Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware," researchers stated.

The NSO Group is an Israeli cyber intelligence agency that created the Pegasus spyware. This spyware infects iPhones and Android devices.

According to a 2021 investigation by The Washington Post, Pegasus works in three steps: target, infect, and track.

"Someone sends what's known as a trap link to a smartphone that persuades the victim to tap and activate — or activates itself without any input, as in the most sophisticated 'zero-click' hacks," the investigative report reads.

Once infected, the spyware duplicates the phone's functions, can record from the camera and mic, and can see your location, call data, and contacts, among other things.

This information can then be used to track the victim and exploit them.

The Citizen Lab said the exploit chain, Blastpass, is being used here and could compromise iPhones running iOS 16.6 "without any interaction from the victim."

"The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim," the Lab added.

Apple was immediately told about this discovery, and its team quickly worked on patching solutions. It acknowledged The Citizen Lab in its update release.

"Processing a maliciously crafted image may lead to arbitrary code execution," said the tech giant. "Apple is aware of a report that this issue may have been actively exploited."

The new update is available, resolving ImageIO and Apple Wallet vulnerabilities on iPhone 8 and later models, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

Take a few minutes to update all your Apple devices and ensure you're digitally secure.

You have Canadian researchers to thank for this one!

Lead photo by Shutterstock/nikkimeel