Apple fixes zero-click exploit allowing hackers to spy on iPhone users


Update your iPhone and iPad immediately to get rid of this zero-touch hack

Apple has taken swift action by releasing a critical security update, iOS 16.6.1, for iPhones and iPads to address a highly concerning vulnerability. This flaw, referred to as “Blastpass,” posed a significant threat as it allowed hackers to exploit devices without any interaction from the user’s side. This “zero-click, zero-day” exploit could potentially result in a hacker taking control of the device, a situation no one would want to encounter.

The Blastpass exploit came to light thanks to the diligent work of Citizen Lab, a watchdog organisation committed to digital security. Citizen Lab promptly notified Apple about the vulnerability, which was already being used to install the notorious Pegasus spyware on an iPhone belonging to an employee of a Washington, DC-based organisation.

Pegasus, developed by the NSO Group, is infamous for its invasive capabilities, enabling attackers to access text messages, eavesdrop on calls, extract and transmit images, and even track the device’s location, among other intrusive actions. Apple’s immediate response was to release iOS 16.6.1 to counter this grave security concern. The official statement from Apple simply states that a maliciously crafted attachment may result in arbitrary code execution.

In an effort to provide extra protection, Citizen Lab recommended that all users potentially at risk consider activating Lockdown Mode. This feature, a recent addition to iOS, is designed to severely restrict device functionality and is intended for a “very small number of users who face grave, targeted threats to their digital security,” as explained by Apple.

The specifics of the Blastpass exploit remain undisclosed, but it is believed to have involved PassKit, an SDK that allows developers to integrate Apple Pay into their apps, as well as malicious images sent via iMessage. Given the seriousness of this situation, Citizen Lab has refrained from releasing further details.

This incident also sheds light on the resurgence of Pegasus, which had faced a ban by the Biden administration earlier in the year. Developed by the Israeli cyber-arms company NSO Group, Pegasus gained notoriety for its use by various nations to spy on journalists, activists, and other individuals. One particularly disturbing case involved its alleged use by Saudi Arabia in spying on journalist Jamal Khashoggi, who tragically met his end in Turkey.

Apple’s proactive response and the collaboration with organisations like Citizen Lab underscore the importance of continuous vigilance in the ever-evolving landscape of digital security threats. Users are strongly encouraged to update their devices to iOS 16.6.1 immediately to safeguard their digital well-being in the face of such sophisticated exploits.
