Zero-day vulnerabilities in iOS and macOS infect systems without user interaction
Miscellaneous / / September 10, 2023
Zero-day vulnerabilities have been found in iOS and macOS, which allow attackers to install malware without any user interaction.
They are known as CVE-2023-41064 and CVE-2023-41061. Scientists from the Citizen Lab at the University of Toronto (Canada) discovered them. appropriated their common name is BLASTPASS.
Attackers can compromise a device simply by downloading a malicious image or attachment. This usually happens through Safari, iMessage and WhatsApp. Hackers use this opportunity to install spyware, including Pegasus from NSO Group.
But the music didn't last long: Apple had already released a security update for all of its operating systems, including iPadOS and watchOS. And he recommends that users do not delay downloading them, since BLASTPASS is actively used.
To further reduce risk, you can enable Lockdown mode on your devices, which blocks certain types of attachments and disables link previews. Experts note that this effectively prevents such attacks.
Read also🧐
- 7 best free antiviruses