Apple has rolled out a critical security update for iOS 16 that fixes a vulnerability that could allow hackers to take over your iPhone or iPad without your knowledge.
The vulnerability was first discovered by Citizen Lab, a digital research unit at the University of Toronto, and it is dubbed ‘Blastpass,’ as shared by Engadget.
The exploit allowed bad actors to install NSO Group’s Pegasus Spyware on an unsuspecting victim’s iPhone. Pegasus is a powerful tool that can access almost everything on a target’s device, including text messages, calls, photos, location, and more. It was previously found on iPhones in 2021, and was subsequently taken care of with an OS update.
According to Citizen Lab, it found that Pegasus was installed on the iPhone of an employee of a Washington DC-based organization using a malicious attachment sent by iMessage. The attack worked on devices running the latest version of iOS 16.6, and required no interaction from the victim at all.
Citizen Lab reported the issue to Apple, which quickly released iOS 16.6.1 and iPadOS 16.6.1 to address it.
The Blastpass exploit is believed to involve PassKit, an SDK that allows developers to integrate Apple Pay into their apps. The SDK can then reportedly be transmitted to a victim via iMessage, and it infects the victim’s phone without them taking any action.
Apple users are advised to update their devices to the latest software to protect themselves from potential threats.
Earlier this year, hackers used spyware-infected calendar invites to target iPhones. Read more about it here.
Source: Citizen Lab Via: Engadget
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.
