Date: 2023-09-12

Apple has issued security updates for older iPhone models in order to address a recently discovered zero-day vulnerability. Tracked as CVE-2023-41064, this vulnerability was actively exploited to infect iOS devices with the Pegasus spyware developed by NSO Group.

The zero-day vulnerability, CVE-2023-41064, is a remote code execution flaw that is exploited by sending maliciously crafted images through iMessage. Citizen Lab, a security research group, revealed earlier this month that this vulnerability, along with another flaw known as CVE-2023-41061, was part of a zero-click attack chain called BLASTPASS. In this attack, specially crafted images were sent via iMessage PassKit attachments to install spyware on targeted devices.

Even fully patched iOS devices running version 16.6 were susceptible to this attack. In response, Apple released macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2 as security updates to fix these vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert requiring federal agencies to apply the patches by October 2, 2023.

To further protect devices, Apple has backported the security updates to older software versions. iOS 15.7.9 and iPadOS 15.7.9, macOS Monterey 12.6.9, and macOS Big Sur 11.7.10 now include the necessary fixes.

It should be noted that support for iOS 15 ended in September 2022, while Monterey and Big Sur are still supported by Apple. The security updates cover a range of older iPhone models, including iPhone 6s, iPhone 7, first-generation iPhone SE, iPad Air 2, fourth-generation iPad mini, and seventh-generation iPod touch.

While no attacks on macOS computers have been observed thus far, it is still strongly recommended to apply the security updates on these devices as well. Apple has been working diligently throughout the year to fix various zero-day vulnerabilities across its platforms, with a total of 13 vulnerabilities being patched so far.

