The Cabinet Division has issued a Cyber Security Advisory stating that Apple iPhones were targeted with the Blast Pass exploit to deploy Pegasus spyware.
The Advisory noted that Apple iPhone users are reportedly being targeted by NSO Group’s nefarious spyware, Pegasus. The exploitation process is initiated through the iMessage feature (CVE-2023-41061 and CVE-2023-41064) for the deployment of Blast Pass (zero-day, zero-click malware).
Blast Pass Exploit
Blast Pass is capable of infecting the latest iOS versions (16.6) without user interaction. In this regard, Apple has issued a remedial advisory for iPhone users.
Apple has also generated alerts to inform its users that they are being targeted by NSO Pegasus spyware or are likely targeted by state-sponsored attackers. Apple users are urged to follow the safety steps mentioned in para-3 (listed below) to prevent the Blast Pass Pegasus exploit and other prevalent cyber-attacks.
Specific Safety Steps Against the Blast Pass Exploit
- Immediately upgrade to the latest iOS version (16.6.1 or above), which covers the majority of security updates related to ongoing attacks.
- Enable Lockdown Mode (optional; extreme protection mode) to block the Blast Pass attack.
- Disable the iMessage feature available on iPhones.
Generic Security Steps for Apple Users
- Protect devices with strong passcodes and use two-factor authentication on the Apple ID.
- Install apps from the official Apple Store only to avoid malware/infection.
- Use anonymity-based solutions while surfing the internet and mask the identity of key appointment holders/individuals.
- Always disable location on Apple devices.
- Subscribe to Apple’s security bulletins, threat notifications, and auto OS update features.
- Strictly avoid using phones at sensitive locations/meetings.