Saol na Cathrach

Teicneolaíochtaí Nua agus Cumhacht AI a nochtadh

teicneolaíocht

Ardaíonn Fionnachtain na Seachtaine seo caite ar Leochaileacht Zero-Cliceáil Buarthaí faoi Chibearshlándáil

ByVicky Stavropoulou

Meán Fómhair 7, 2023
Citizen Lab, a prominent research organization, recently uncovered a concerning cybersecurity issue. While examining the device of an individual associated with a civil society organization, they discovered an actively exploited zero-click vulnerability. This vulnerability was being utilized to distribute the Pegasus mercenary spyware developed by NSO Group.

The exploit chain responsible for this breach has been named BLASTPASS. It targeted iPhones running the most up-to-date version of iOS, and what sets it apart is its ability to compromise devices without requiring any interaction from the victim. The exploit functioned by sending PassKit attachments, containing malicious images, from the attacker’s iMessage account to the target.

Citizen Lab promptly shared their findings with Apple and assisted them in their investigation. In response, Apple issued two Common Vulnerabilities and Exposures (CVEs) related to this exploit chain (CVE-2023-41064 and CVE-2023-41061). The company has also urged all users to update their devices immediately to ensure their security.

In light of this discovery, it is crucial for individuals and organizations to be vigilant about their cybersecurity. Citizen Lab emphasizes the need for everyone, particularly those who might face heightened risks due to their role or activities, to enable Apple’s Lockdown Mode and regularly update their devices.

The incident once again highlights how civil society organizations are frequently targeted by highly sophisticated exploit techniques and spyware. By actively supporting and collaborating with such organizations, we can enhance our collective cybersecurity. Apple’s swift response and patch cycle are commendable, as they underscore the importance of timely action in addressing these threats.

Overall, this discovery serves as a significant reminder of the ongoing need for robust and proactive cybersecurity measures, especially as malicious actors continue to develop increasingly sophisticated techniques. It is imperative for users to stay informed, remain cautious, and implement necessary security updates to protect their devices and sensitive information.

Foinsí:
– Saotharlann Saoránach

