Apple has released iOS 16.6.1, a security update that addresses a critical vulnerability that could be exploited by the Pegasus spyware. The update is available for all iPhone and iPad users running iOS 16 or later.
The vulnerability, dubbed "Blastpass," was discovered by Citizen Lab, a research group at the University of Toronto. Blastpass is a zero-day exploit, meaning it was unknown to Apple before it was exploited by Pegasus. Zero-day exploits are the most dangerous type of vulnerability because there is no patch available to fix them.
Blastpass is a buffer overflow vulnerability in the PassKit SDK, which is used by Apple Pay and other apps. The vulnerability can be exploited by sending a malicious image to a victim via iMessage. When the victim opens the image, the Pegasus spyware can be installed on their device without their knowledge or consent.
Once installed, Pegasus can give the attacker access to the victim's device, including their messages, calls, photos, and location data. Pegasus can also be used to track the victim's movements and record their conversations.
Apple has patched the Blastpass vulnerability in iOS 16.6.1 which runs on number of devices including iPhone 14 Pro Max, iPhone 13 Pro Max, iPhone 11 and iPhone X. Users are urged to install the update as soon as possible to protect themselves from Pegasus.
In addition to the security update, Apple has also released a new feature called Lockdown Mode. Lockdown Mode is a set of extreme security measures that can be enabled to protect against targeted attacks like those carried out by Pegasus. Lockdown Mode restricts certain features of the iPhone, such as iMessage, FaceTime, and web browsing.
The release of iOS 16.6.1 and Lockdown Mode is a significant step by Apple to protect its users from Pegasus. However, it is important to note that no security measure is perfect. Users should still be vigilant about protecting their devices from malware and other threats.
Here are some additional tips for protecting your iPhone from Pegasus:
- Keep your device's software up to date.
- Be careful about what links you click on and what attachments you open.
- Use a strong password and enable two-factor authentication.
- Consider using a privacy-focused browser like DuckDuckGo.
- Install a security app like Malwarebytes.
By following these tips, you can help protect your iPhone from Pegasus and other malware.