Home iOS Message to IT: Update all your Apple devices right away

Message to IT: Update all your Apple devices right away


Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.

Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”

What is this attack and what does it do?

This attack, which is being used to deliver NSO Group’s Pegasus mercenary spyware, is deeply concerning as it can compromise iPhones running iOS 16.6 without requiring any interaction from the victim. The researchers explained the exploit involved PassKit attachments containing malicious images sent via iMessage. The victim wasn’t even required to look at this image.

What happened next?

Citizen Lab alerted Apple to the attack and the company swiftly published a security update for all its devices to protect against it. Both companies confirm Lockdown Mode will secure devices against such attack.

What Apple says

Apple published support notes detailing the content of the latest security updates. Warning that these attacks may already be actively exploited, these reveal that “processing a maliciously crafted image may lead to arbitrary code execution,” and that this attack was also viable against Wallet.

“We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance,” Apple said.

Copyright © 2023 IDG Communications, Inc.