Ua hoʻopuka ka US Cybersecurity and Infrastructure Security Agency (CISA) i kahi ʻōlelo aʻo i nā keʻena federal, e koi ana iā lākou e hōʻano hou i kā lākou iOS, iPadOS, a me nā polokalamu macOS i loko o hoʻokahi mahina. ʻO kēia ka pane i ka loaʻa ʻana o ʻelua mau mea nāwaliwali i nā huahana Apple i hiki ke hoʻohana ʻia e ka hoʻouka kaua spyware.

ʻO ka haʻahaʻa mua, i kapa ʻia ʻo CVE-2023-41064, kahi haʻahaʻa haʻahaʻa hoʻoheheʻe i ImageIO. Loaʻa ia i ka wā e hana ai i kahi kiʻi i hana ʻia a hiki ke alakaʻi i ka hoʻokō code. ʻO ka lua o ka nāwaliwali, CVE-2023-41061, he pilikia hōʻoia i Apple Wallet. Hiki i ka hoʻopili ʻana i hana ʻino ʻia ke hopena i ka hoʻokō code.

Ua ʻike koke ʻo Citizen Lab, kahi hui waiwai ʻole i kēia mau nāwaliwali ma ke ʻano he ʻāpana o kahi kaulahao hoʻohana i kapa ʻia ʻo "BlastPass." Ua hoʻohana ʻia kēia kaulahao no ka hāʻawi ʻana i ka spyware Pegasus i kekahi limahana o kahi hui hui kīwila ma Wakinekona. Ua hōʻike ʻo Citizen Lab i ka hoʻohana ʻana i nā mea hoʻopili PassKit i loaʻa nā kiʻi ʻino i hoʻouna ʻia ma o iMessage.

ʻOiai ʻaʻole maopopo ka mea nāna i ʻae i kēia mau hoʻouka ʻana, aia ka hopohopo e hiki ke hoʻohana ʻia lākou e hoʻopaʻa i nā luna aupuni o US inā e hana ʻia e kahi lāhui ʻenemi. I ka wā ma mua, ua hōʻike ʻia nā hoʻouka kaua spyware like ʻole, me ʻeiwa mau luna o ka US State Department i kā lākou iPhones hacked mamao i 2021.

Ua hoʻoholo ʻo Apple e hana i ke kānāwai e kūʻē i ka hui Israeli NSO Group, ka mea i manaʻoʻiʻo ʻia ke kuleana no ka hoʻomohala ʻana a kūʻai aku i ka spyware Pegasus. Ua ʻōlelo ʻo NSO Group ua manaʻo ʻia kāna mau huahana no ka hoʻokō kānāwai kūpono a me nā kumu o ka ʻohi ʻike.

No ka hoʻohaʻahaʻa ʻana i ka pilikia o ka hoʻouka ʻana i ka spyware, ua loaʻa i nā keʻena federal a hiki i ʻOkakopa 2 e hoʻopaʻa i nā nāwaliwali i ʻike ʻia ma o nā mea kūʻai kūʻai hou. Inā ʻaʻole e hana pēlā, hiki ke hoʻopau ʻia ka hoʻohana ʻana i kēia mau huahana Apple.

- "Ke koi aku nei ka US Cybersecurity and Infrastructure Security Agency (CISA) i ka hoʻopaʻa koke ʻana o nā mea ʻino Apple i ʻike ʻia" - CISA

- "BlastPass: Zero-Click Mobile Exploitation of Apple's iMessage" - Citizen Lab