The infamous Pegasus spyware is being used in targeted attacks on Apple iPhone customers, according to a recent Cyber Security Advisory from the Cabinet Division.
The advisory highlights a sophisticated exploitation technique known as the “Blast Pass Exploit” that takes advantage of vulnerabilities in the iMessage feature (CVE-2023-41061 and CVE-2023-41064), allowing the deployment of zero-day and zero-click malware.
Without any user engagement, the cyber virus known as Blast Pass can infect even the most recent versions of iOS, like as the current 16.6.
Apple issued a corrective recommendation for iPhone customers in response to the problem with promptitude. In order to inform consumers whether they are in danger of being attacked by state-sponsored actors or the Pegasus spyware, they have now started sending out alerts.
Specific Safety Steps to Blast Pass Exploit
- Immediately upgrade to the iOS latest version (16.6.1 or above) which covers the majority of security updates related to ongoing attacks.
- Enable lockdown mode (optional; extreme protection mode) to block Blast Pass attack.
- Disable the iMessage feature available on iPhones.
Generic Security Steps for Apple Users
- Protect devices with strong passcodes and use two-factor authentications on Apple ID.
- Install apps from the official Apple Store only to avoid malware/infection.
- Use anonymity-based solutions (over the internet while surfing) and mask the identity of key appointment holders/individuals.
- Always disable location from Apple devices.
- Subscribe to Apple’s security bulletins, threat notifications, and auto OS update features.
- Strictly avoid using phones at sensitive locations/meetings.
