September 11 – Last week, Apple revealed that two security bugs were being exploited within a zero-click campaign designed to distribute the NSO Group’s Pegasus spyware. Apple resolved the bugs shortly thereafter.

Targets included those connected with government organizations. In the past, NSO spyware has been used to target journalists, lawyers, activists and government officials.

Device updates

Researchers encourage Apple customers to update devices and suggested that possible victims (due to identity or profession) may want to activate Lockdown Mode. This will help mitigate intrusions.

Technical details

The two bugs enabled cyber criminals to infect a fully-patched iPhone running iOS 16. “The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim,” according to cyber security researchers.

The zero-days

The exploits were discovered within the Image I/O and Wallet frameworks. One of the bugs was a buffer overflow, triggered when processing maliciously crafted images. The other was a validation issue that could be exploited via malicious attachments.

Both enabled cyber criminals to gain arbitrary code execution on unpatched iPhone and iPad devices.

Further information

The list of affected devices includes:

• iPhone 8 and later
• iPad Pro (all models), iPad Air 3^rd generation, iPad 5^th generation and later, and iPad mini 5^th generation and later
• Macs running macOS Ventura
• Apple Watch Series 4 and later

Since the start of 2023, Apple has resolved 13 zero-day exploits.

For more Apple spyware insights, please see CyberTalk.org’s past coverage. Lastly, to receive more timely cyber security insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.