Apple has released an emergency iOS update to address a previously unknown bug or “zero-day bug” in iOS 16 that was vulnerable to the remote installation of spyware on devices without any interaction required from the owner. Various outlets and tech professionals have since recommended iPhone users update their software immediately, even if they think they’re not at risk.
The exploit was first discovered by Citizen Lab, a spyware research group, who immediately notified Apple. At the time of writing Apple has maintained its usual public response, which is, “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
However, what we do know is that the exploit involved PassKit attachments sent via iMessage, which can lead to sensitive information like identity and financial data being compromised, as the PassKit framework is what’s used to operate Apple Pay and the Wallet app.
At the time of writing, one of the known attacks was said to include an employee of a Washingon DC-based civil society organization, whose phone was compromised by NGO Group’s Pegasus spyware — which allows the exploiter to access various data points, including photos, messages audio, video and more.
While Citizen Lab has yet to release a full breakdown of the vulnerability at the time of writing, presumably to protect users while they update, they have said they will “publish a more detailed discussion of the exploit chain in the future.”
In the meantime, users with iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later, can now update to iOS 16.6.1 to guard against the vulnerability.
Elsewhere in tech, Apple could add USB-C charging to AirPods and AirPods Max in 2024.
Source: Read Full Article