Honeypots

There’s yet another 0-day exploit chain discovered as part of NSO Group’s Pegasus malware suite. This one is known as BLASTPASS, and it’s a nasty one. There’s no user interaction required, just receiving an iMessage containing a malicious PassKit attachment.

We have two CVEs issued so far. CVE-2023-41064 is a classic buffer overflow in ImageIO, the Apple framework for universal file format read and write. Then CVE-2023-41061 is a problem in the iOS Wallet implementation. Release 16.6.1 of the mobile OS addresses these issues, and updates have rolled out for macOS 11, 12, and 13.

It’s worth noting that Apple’s Lockdown mode does seem to block this particular exploit chain. Citizen Lab suggests that high-risk users of Apple hardware enable Lockdown Mode for that extra measure of security. Continue reading “This Week In Security: Blastpass, MGM Heist, And Killer Themes” →

Hackaday

1 Articles

This Week In Security: Blastpass, MGM Heist, And Killer Themes

Search

Never miss a hack

If you missed it

VAR Is Ruining Football, And Tech Is Ruining Sport

Mining And Refining: Uranium And Plutonium

Programming Ada: First Steps On The Desktop

The Hunt For MH370 Goes On With Barnacles As A Lead

MXM: Powerful, Misused, Hackable

Our Columns

FLOSS Weekly Episode 781: Resistant To The Wrath Of God

Programming Ada: Packages And Command Line Applications

Supercon 2023: Jose Angel Torres On Building A Junkyard Secure Phone

2024 Home Sweet Home Automation: The Winners Are In

Upgrade Your Test Probes

Search

Never miss a hack

Subscribe

If you missed it

Our Columns