iPhone users must update software to iOS 16.6.1 right away, heres why

If you are an iPhone user, you must update the software to the latest iOS 16.6.1. In the latest iOS update, Apple has fixed two zero-day vulnerabilities actively being used to deliver Israel-based NSO Group’s Pegasus spyware on iPhones. That means all the iPhone units running older software may be prone to spyware attacks, which could lead hackers to access your private data. Apple says the vulnerabilities “may have been actively exploited.” Also Read: Apple iPad Pro Launched In India With New M5 Chip, Ultra Retina XDR Display: Price, Specs

Internet watchdog group Citizen Lab, while checking the device of an individual employed by a Washington DC-based civil society organisation with international offices, found the zero-click vulnerability. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab said in a statement late on Thursday. Also Read: Apple Launches 14-inch MacBook Pro With M5 Chip And Up To 24-Hour Battery Life: Check Price And Availability

What did researchers say?

They referred to the exploit chain as ‘BLASTPASS’. The exploit involved PassKit attachments containing malicious images sent from an attacker’s iMessage account to the victim. Citizen Lab immediately disclosed our findings to Apple and assisted in their investigation. Taking cognisance of the alarming situation, Apple issued two CVEs related to this exploit chain, (CVE-2023-41064 and CVE-2023-41061). Also Read: iPhone 13 vs iPhone 14 vs iPhone 15: Best Deal To Grab This Diwali Under Rs 50000

“We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance,” said Apple.

Apple takes note

The first vulnerability targeted Image I/O, which is Apple’s framework that is responsible for giving apps permission to read and write most image file formats and access an image’s metadata. Apple has detailed the vulnerability and the fix:

Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A buffer overflow issue was addressed with improved memory handling.

The second fix is for the vulnerability that affected the Apple Wallet app. Apple said, “A maliciously crafted attachment may result in arbitrary code execution.” The issue, per the company, may have been actively exploited. The latest update, however, addresses the issue “with improved logic.”

Besides, Citizen Lab has urged everyone to immediately update their iPhone and iPad devices to the latest software version. “We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode,” the researchers said. Apple’s update will secure devices belonging to regular users, companies, and governments around the globe. “The ‘BLASTPASS’ discovery highlights the incredible value to our collective cybersecurity of supporting civil society organizations,” said the watchdog.

— Written with inputs from IANS