Apple Device Management and Security

Apple patches zero-day vulnerability in iOS & macOS

Michael Thomson
Technical

Critical updates, iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2

 

Security Updates

Apple has taken swift action by releasing critical security updates for iOS, iPadOS, macOS, and watchOS to address actively exploited zero-day security vulnerabilities. These vulnerabilities are capable of facilitating malware installation through a “maliciously crafted image” or attachment.

    Blastpass

    The vulnerabilities, identified as CVE-2023-41064 and CVE-2023-41061, were originally disclosed by Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. These vulnerabilities, known as “BLASTPASS,” are of significant concern due to their potential for exploitation when simply loading an image or attachment—a routine action in applications like Safari, Messages, WhatsApp, and various first- and third-party apps. Such vulnerabilities are often referred to as “zero-click” or “clickless” vulnerabilities.

    Citizen Lab has further revealed that the BLASTPASS bug has been actively employed to deploy NSO Group’s Pegasus mercenary spyware. This incident adds to a series of similar exploits utilized to compromise fully patched iOS and Android devices

    Apple Software Updates available September 2023

    For users concerned about these types of vulnerabilities, there is a proactive measure available: enabling Lockdown Mode on their iOS and macOS devices. This mode includes several protective measures, such as blocking various attachment types and disabling link previews—these are common attack vectors leveraged by threat actors to exploit “clickless” vulnerabilities. However, we recommend simply updating your devices today to patch the vulnerability.

    iOS 16.6.1 is currently accessible for iPhone and iPad users. To ensure the security of your device, navigate to Settings > General > Software Update and install this critical update. Given the significance of these security enhancements, we strongly recommend promptly updating your iPhone, iPad, Mac, and Apple Watch to the latest iterations of their respective operating systems.

    Working Together

    To gain a deeper understanding of the security on your iOS & macOS devices, which would provide full exposure to vulnerable OS versions, malware infections, phishing attacks and more, speak to us at [email protected]  for a fully customised demo and trial of Jamf Protect.

     

    Get Secured, now.