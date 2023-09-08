逸耘居

立即更新您的 iPhone 软件以修补关键的安全漏洞

8 年 2023 月 XNUMX 日
Apple has released a critical security update for iPhones to address a zero-day bug in iOS 16. This bug allowed attackers to remotely install spyware on a device without any interaction from the iPhone owner. The exploit was discovered by spyware research group Citizen Lab, who immediately alerted Apple.

The zero-click zero-day exploit was used to install the Pegasus spyware developed by the NGO Group onto an iPhone belonging to an employee of a civil society organization based in Washington DC. Pegasus is a spyware developed by a private contractor for government use. Once installed, it infects the phone and sends back various types of data, including photos, messages, and audio/video recordings.

To mitigate the risk of this exploit, Apple has released iOS 16.6.1, urging iPhone owners to install it as soon as possible, regardless of whether they are likely targets for spyware. There is always a possibility that various groups may attempt to reverse engineer the security update to exploit this vulnerability, increasing the risk of broader attacks.

Although Citizen Lab has not provided a detailed breakdown of the vulnerability, it involves PassKit, the framework supporting Apple Pay and Wallet. The exploit uses attachments with malicious images that are sent through iMessage. Citizen Lab has promised to provide a more detailed discussion of the exploit chain in the future.

Over the years, iOS vulnerabilities have frequently made headlines, particularly those that have been actively exploited before Apple was aware of the flaw. To address these issues, Apple has developed a Rapid Security Response system, enabling security fixes to be added to iPhones without requiring a reboot.

It is worth noting that Citizen Lab suggests enabling Apple’s Lockdown Mode to protect against this exploit, especially if there is a risk of being targeted by state-sponsored spyware. Lockdown Mode provides an added layer of security for iPhone users.

