Apple has issued an important update for its products, including iPhones, iPads, Mac computers, and Apple Watches. Users are strongly advised to update their devices immediately. It has been discovered that an actively exploited zero-click vulnerability, known as the BLASTPASS exploit chain, is being used to deliver NSO Group’s Pegasus mercenary spyware. The exploit chain can compromise iPhones running the latest version of iOS without any interaction from the victim. Citizen Lab, who found the vulnerability, has disclosed its findings to Apple and encourages all users, especially those at risk, to enable Lockdown Mode as it may block this attack. This discovery once again highlights the targeting of civil society by sophisticated cyber attacks, and Apple’s update will enhance the security of devices worldwide.
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/