Apple Releases Security Updates to Patch Zero-Day Exploits
On Thursday, Apple released security updates that patch two zero-day exploits used against a member of a civil society organization in Washington, D.C. The vulnerabilities were discovered by Citizen Lab, an internet watchdog group that investigates government malware.
Citizen Lab Finds Zero-Click Vulnerability
According to Citizen Lab’s short blog post, they found a zero-click vulnerability last week that was used to target victims with malware. The researchers stated that the vulnerability was part of an exploit chain designed to deliver NSO Group’s malware, known as Pegasus. "The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim," Citizen Lab wrote.
Researchers Report Vulnerability to Apple
Once they found the vulnerability, the researchers reported it to Apple, which released a patch on Thursday and thanked Citizen Lab for the report. It appears that Apple may have found the second vulnerability while investigating the first, as the company patched another vulnerability and attributed its finding to itself.
Citizen Lab Calls Exploit Chain BLASTPASS
The researchers at Citizen Lab called the exploit chain "BLASTPASS" because it involved PassKit, a framework that allows developers to include Apple Pay in their apps. They warned that this exploit chain was capable of compromising iPhones without any interaction from the victim.
Lockdown Mode May Have Blocked Exploits
John Scott-Railton, a senior researcher at Citizen Lab, noted on Twitter that Lockdown Mode, an opt-in mode that enhances some security features and blocks others to reduce the risk of targeted attacks, would have blocked the exploits found in this case. He also stated that he and his colleagues, as well as Apple’s Security Engineering and Architecture team, believe that Lockdown Mode would have prevented exploitation of these vulnerabilities.
Update: Citizen Lab Recommends Updating iPhones
Citizen Lab recommended that all iPhone users update their phones to prevent these vulnerabilities from being exploited. They emphasized the importance of staying up-to-date with security patches to protect against emerging threats.
NSO Group’s Pegasus Malware
The researchers at Citizen Lab specifically mentioned NSO Group’s malware, known as Pegasus, in relation to the exploit chain BLASTPASS. NSO Group has been linked to several high-profile hacking incidents and has faced scrutiny for its alleged involvement in human rights abuses through its spyware.
Apple’s Response
When reached for comment, Apple spokesperson Scott Radcliffe did not provide any additional information but referred TechCrunch to the notes in the security update.
Citizen Lab’s Role as Cybersecurity Early Warning System
John Scott-Railton tweeted that civil society organizations like Citizen Lab are serving as the cybersecurity early warning system for billions of devices around the world. He emphasized the importance of these organizations in identifying and reporting emerging threats to technology companies like Apple.
Update: Lockdown Mode and BLASTPASS Exploit Chain
On Friday, September 8th, this story was updated to include additional information about Lockdown Mode’s potential effectiveness against the BLASTPASS exploit chain.
Zero-Day Exploits: A Growing Concern
The discovery of zero-day exploits used by hackers to target iPhone users highlights a growing concern in the cybersecurity community. A zero-day is a vulnerability that the vendor does not know about when attackers begin exploiting it, so no patch exists at that point, which makes it particularly challenging to defend against.
The Role of Citizen Lab and Other Civil Society Organizations
Citizen Lab’s role in discovering and reporting these vulnerabilities underscores the importance of civil society organizations in identifying emerging threats. These groups often serve as a critical first line of defense in detecting and mitigating cyber attacks.
Lockdown Mode: An Opt-In Security Feature
Apple introduced Lockdown Mode as an opt-in feature that enhances some security features and blocks others to reduce the risk of targeted attacks. The feature was designed to provide additional protection for users who are particularly concerned about being targeted by hackers.
The BLASTPASS Exploit Chain: A Detailed Analysis
Citizen Lab’s detailed analysis of the BLASTPASS exploit chain reveals a sophisticated attack vector that takes advantage of vulnerabilities in PassKit, a framework used for Apple Pay. The researchers noted that this exploit chain was capable of compromising iPhones without any interaction from the victim.
NSO Group and Pegasus Malware: A History of Controversy
NSO Group has faced intense scrutiny over its alleged involvement in human rights abuses through its spyware, including the use of Pegasus malware. The company’s products have been linked to several high-profile hacking incidents around the world.
Citizen Lab’s Recommendation for iPhone Users
In light of these discoveries, Citizen Lab recommends that all iPhone users update their devices to prevent these vulnerabilities from being exploited. They emphasize the importance of staying up-to-date with security patches to protect against emerging threats.
Conclusion
The discovery of zero-day exploits used by hackers to target iPhone users underscores the importance of ongoing cybersecurity efforts. Apple’s release of security updates and Citizen Lab’s detailed analysis of the BLASTPASS exploit chain highlight the need for vigilance in protecting against emerging threats. As technology continues to evolve, so too must our defenses against cyber attacks.