The Cabinet Division has recently issued a Cyber Security Advisory aimed atalerting Apple iPhone users to the targeted attacks employing the infamousPegasus spyware, allegedly developed by the NSO Group.
This advisory sheds light on a sophisticated exploitation technique knownas the “Blast Pass Exploit,” which exploits vulnerabilities in the iMessagefeature, specifically identified as CVE-2023-41061 and CVE-2023-41064. Thisexploit enables the deployment of zero-day and zero-click malware.
Referred to as the Blast Pass cyber threat, it possesses the capability toinfect even the latest iOS versions, including the current 16.6, withoutrequiring any user interaction. In response to this crisis,
Apple has acted swiftly by releasing a remedial advisory for its iPhoneusers. Furthermore, they have initiated alerts to notify users aboutpotential risks from the Pegasus spyware and state-sponsored attackers.
Apple recommends several safety measures to combat this threat:
Read Top Stories
1. Immediate upgrade to the latest iOS version (16.6.1 or above), includingcrucial security updates to defend against ongoing attacks.2. Optionally, enable lockdown mode, an extreme protection feature thatblocks Blast Pass attacks.3. Disable the iMessage feature on iPhones.
Apart from these specific steps, Apple users are encouraged to followgeneric security guidelines to protect their devices from a variety ofcyber threats:
1. Protect their devices with strong passcodes and enable two-factorauthentication on Apple ID.2. Download apps exclusively from the official Apple Store to avoid malwareand infections.3. Utilize anonymity-based solutions when browsing the internet andconsider masking the identity of key individuals.4. Always disable location services on Apple devices to minimize privacyrisks.5. Subscribe to Apple’s security bulletins and threat notifications, andenable auto OS update features.6. Exercise caution when using phones in sensitive locations or duringimportant meetings to prevent unauthorized data access.