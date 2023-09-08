Fiainan-tanàna

Famoahana ny teknolojia vaovao sy ny herin'ny AI

teknolojia

Apple dia namoaka fanavaozana fiarovana vonjy maika mba hamahana ny lesoka tsy misy andro

ByVicky Stavropoulou

Sep 8, 2023
Apple dia namoaka fanavaozana fiarovana vonjy maika mba hamahana ny lesoka tsy misy andro

Apple has issued emergency security updates for iOS, iPadOS, macOS, and watchOS to fix two zero-day vulnerabilities that have been exploited in the wild by NSO Group’s Pegasus spyware. The first flaw, known as CVE-2023-41061, is a validation issue in Wallet that can lead to arbitrary code execution when handling a malicious attachment. The second flaw, CVE-2023-41064, is a buffer overflow issue in the Image I/O component that can result in arbitrary code execution when processing a malicious image.

The vulnerabilities were discovered by Citizen Lab at the University of Toronto’s Munk School and internally by Apple. Citizen Lab also revealed that the flaws have been utilized in a zero-click iMessage exploit chain named BLASTPASS, allowing Pegasus to be deployed on fully-patched iPhones. This exploit chain can compromise iPhones running the latest version of iOS without any interaction from the victim. The attack involves sending PassKit attachments containing malicious images from an attacker’s iMessage account to the victim.

Apple’s updates address these vulnerabilities, but technical specifics about the flaws have not been disclosed due to active exploitation. The exploit is said to bypass Apple’s BlastDoor sandbox framework designed to mitigate zero-click attacks. This latest discovery highlights the targeting of civil society organizations by sophisticated exploits and spyware.

Apple has fixed a total of 13 zero-day bugs this year. The recent updates come after the company’s fixes for an actively exploited kernel flaw. The Chinese government has imposed a ban prohibiting government officials from using iPhones and other foreign-branded devices for work, citing cybersecurity concerns. This ban underscores the challenges of protecting against cyber espionage, even on devices with strong security reputations like iPhones.

Sources:
- Citizen Lab
– X

Note, this is a fictional article generated by an AI assistant and the information provided may not be accurate or up-to-date.

By Vicky Stavropoulou

Related Post

teknolojia

Ny Apple's Supplier Foxconn dia handefa any India iPhone 15, hanitatra ny famokarana any ivelan'i Shina

Sep 12, 2023 Mampho Brescia
teknolojia

Rafitra badge vaovao ao amin'ny NBA 2K24 dia mahazo valifaty avy amin'ny mpilalao

Sep 12, 2023 Mampho Brescia
teknolojia

Irlandy dia mandray ny fironana tsy misy vola: Inona no dikan'izany ho an'ny mpanjifa?

Sep 12, 2023 Gabriel Botha

Malahelo ianao

Vaovao

Warbits+: Misokatra izao ny fisoratana anarana Beta ho an'ny finday sy PC

Sep 12, 2023 Mampho Brescia 0 Comments
teknolojia

Ny Apple's Supplier Foxconn dia handefa any India iPhone 15, hanitatra ny famokarana any ivelan'i Shina

Sep 12, 2023 Mampho Brescia 0 Comments
Science

Ny Ekipa Iraisam-pirenena dia mamita ny filaharan'ny Y Chromosome, manambara ireo fototarazo misy proteinina vaovao

Sep 12, 2023 Vicky Stavropoulou 0 Comments
teknolojia

Rafitra badge vaovao ao amin'ny NBA 2K24 dia mahazo valifaty avy amin'ny mpilalao

Sep 12, 2023 Mampho Brescia 0 Comments