The Cabinet Division has recently issued a Cyber Security Advisory aimed at alerting Apple iPhone users to the targeted attacks employing the infamous Pegasus spyware, allegedly developed by the NSO Group.
This advisory sheds light on a sophisticated exploitation technique known as the "Blast Pass Exploit," which exploits vulnerabilities in the iMessage feature, specifically identified as CVE-2023-41061 and CVE-2023-41064. This exploit enables the deployment of zero-day and zero-click malware.
Referred to as the Blast Pass cyber threat, it possesses the capability to infect even the latest iOS versions, including the current 16.6, without requiring any user interaction. In response to this crisis,
Apple has acted swiftly by releasing a remedial advisory for its iPhone users. Furthermore, they have initiated alerts to notify users about potential risks from the Pegasus spyware and state-sponsored attackers.
Apple recommends several safety measures to combat this threat:
1. Immediate upgrade to the latest iOS version (16.6.1 or above), including crucial security updates to defend against ongoing attacks. 2. Optionally, enable lockdown mode, an extreme protection feature that blocks Blast Pass attacks. 3. Disable the iMessage feature on iPhones.
Apart from these specific steps, Apple users are encouraged to follow generic security guidelines to protect their devices from a variety of cyber threats:
1. Protect their devices with strong passcodes and enable two-factor authentication on Apple ID. 2. Download apps exclusively from the official Apple Store to avoid malware and infections. 3. Utilize anonymity-based solutions when browsing the internet and consider masking the identity of key individuals. 4. Always disable location services on Apple devices to minimize privacy risks. 5. Subscribe to Apple's security bulletins and threat notifications, and enable auto OS update features. 6. Exercise caution when using phones in sensitive locations or during important meetings to prevent unauthorized data access.