1. Forum
  2. Usenet
  3. MISC.PHONE.MOBILE.IPHONE

  • no click zero-day ios exploit

    From badgolferman@21:1/5 to All on Fri Sep 8 00:22:27 2023
    Apple users are being urged to update their products immediately to protect against a powerful new spyware that infiltrated devices without any clicks.

    The tech company released updates to patch two zero-day exploit chains on Thursday.

    It comes after an employee of the Washington DC-based civil society organization Citizen Lab found the zero-click vulnerability delivering
    Pegasus mercenary spyware, according to John Scott-Railton, a researcher
    for the group.

    ‘Last week we @citizenlab discovered a new #Pegasus zero-click exploit
    chain (No clicking required to infect latest iOS!)’ he wrote on X (formerly Twitter) on Thursday afternoon.

    Citizen Lab, which investigates government malware, explained in a blog
    post that victims can be targeted by malware without clicking or tapping or opening any attachments.

    ‘The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,’ wrote the internet watchdog group.



    https://metro.co.uk/2023/09/07/apple-zero-day-bug-spyware-update-19466522/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jolly Roger@21:1/5 to badgolferman on Fri Sep 8 01:21:17 2023
    On 2023-09-08, badgolferman <[email protected]> wrote:
    Apple users are being urged to update their products immediately to protect against a powerful new spyware that infiltrated devices without any clicks.

    The tech company released updates to patch two zero-day exploit chains on Thursday.

    It comes after an employee of the Washington DC-based civil society organization Citizen Lab found the zero-click vulnerability delivering Pegasus mercenary spyware, according to John Scott-Railton, a researcher
    for the group.

    ‘Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain (No clicking required to infect latest iOS!)’ he wrote on X (formerly Twitter) on Thursday afternoon.

    Citizen Lab, which investigates government malware, explained in a blog
    post that victims can be targeted by malware without clicking or tapping or opening any attachments.

    ‘The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,’ wrote the internet watchdog group.

    https://metro.co.uk/2023/09/07/apple-zero-day-bug-spyware-update-19466522/

    "We believe, and Apple’s Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack.

    We commend Apple for their rapid investigative response and patch cycle,
    and we acknowledge the victim and their organization for their
    collaboration and assistance."

    Nice.

    BTW, iOS 16.6.1 patches this vulnerability:

    <https://support.apple.com/en-us/HT213905>

    iOS 16.6.1 and iPadOS 16.6.1
    Released September 7, 2023

    ImageIO

    Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

    Impact: Processing a maliciously crafted image may lead to arbitrary
    code execution. Apple is aware of a report that this issue may have been actively exploited.

    Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-41064: The Citizen Lab at The University of
    Torontoʼs Munk School

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)