CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group.
In this particular instance, the attack - which has been called BLASTPASS by the researchers at Citizen Lab - involves maliciously-crafted PassKit attachments containing images sent from an attacker's iMessage account to their intended victim.
NSO Group is the Israeli 'cyberwarfare' firm behind the Pegasus spyware, which is marketed for use by governments and law enforcement agencies in online operations against criminals and terrorists. In the past Pegasus has been used to spy on well-known figures such as Amazon founder Jeff Bezos, as well as human rights activists, journalists and lawyers.
[
Collection
]
[
|
...
]