
The BLASTPASS Incident: Zero-Click Exploits and Staying Safe Online with Malloc Privacy & Security VPN

Aug 9, 2023

Maria Terzi

Co-Founder & CEO at Malloc

TL;DR

Pegasus Strikes Again, Update Your iPhone Now, and Trust Malloc for Online Safety. Pegasus, NSO Group’s well-known spyware, is causing concern again. Apple has issued vital updates, so make sure to update your iPhone immediately. For extra protection, trust Malloc’s advanced security measures, which include blocking spyware-ridden websites and utilizing cutting-edge machine learning algorithms. Stay safe and secure online with Malloc.


In the fast-evolving world of cybersecurity, the recent BLASTPASS incident has once again shed light on the importance of staying vigilant online. This incident, uncovered by the Citizen Lab (September 7th 2023), exposed a zero-click vulnerability in Apple devices that allowed malicious actors to compromise iPhones without any interaction from the user. Let’s break down what happened, what “zero-click” means, and how Malloc Privacy & Security VPN can help keep you safe and private online.

The BLASTPASS Incident:

Citizen Lab, a research group associated with the University of Toronto, recently discovered an actively exploited zero-click vulnerability. This vulnerability was used to deliver NSO Group’s Pegasus spyware, a sophisticated and highly invasive surveillance tool. What’s alarming is that this vulnerability affected even the latest iOS version, making it crucial for users to take immediate action.

According to Apple, the vulnerability ‘CVE-2023-41064’ was identified based on information provided by The Citizen Lab. This vulnerability affects iPhone 8 and later models, iPad Pro (all models), 3rd generation iPad Air and later models, 5th generation iPad and later models, and 5th generation iPad mini and later models. Specifically, “Processing a maliciously crafted image may lead to arbitrary code execution,” and Apple has stated that this vulnerability may have been actively exploited. The specific impact is that “arbitrary code may be executed by a maliciously created attachment,” and there is a possibility that this was also actively exploited.

The exploit chain was capable of compromising iPhones and iPad Pro (all models) running the latest version of iOS (16.6) without any interaction from the victim.

What Does “Zero-Click” Mean?

Zero-click exploits are a nightmare for cybersecurity experts and users alike. Unlike traditional cyberattacks that require some form of user interaction, such as clicking on a malicious link or downloading a suspicious attachment, zero-click exploits operate stealthily. Zero-click attacks can compromise your device without any action on your part. In the BLASTPASS case, the attack involved malicious PassKit attachments sent via iMessage, making it incredibly difficult for users to detect or prevent.

Update your iPhone Now

Apple released iOS 16.6.1 today, patching two vulnerabilities exploited by BLASTPASS in Wallet (CVE-2023-41061) and ImageIO (CVE-2023-41064), so update your iPhones! Also, if you’re at risk because of who you are or what you do, please enable Lockdown Mode.

Stay Safe with Malloc Privacy & Security VPN:

In a world where online privacy and security are paramount, using a reliable VPN (Virtual Private Network) like Malloc Privacy & Security VPN is crucial. Here’s how it can help:

- Encryption & Anonymous Browsing: Malloc VPN secures your internet traffic, shielding your data from cybercriminals, even if they compromise your connection. Your real IP address is hidden, thwarting website tracking and invasive data collection.

- Automatic Spyware Blocking: When you’re connected to our servers and have the “Block Spyware” option activated, our system takes over. It automatically blocks all known malicious links in real-time, ensuring you have a secure and private online experience.

- Communication Blocking: If you happen to visit a website associated with spyware, or have been the victim of a zero-click attack (for example, by receiving a malicious image on your phone), Malloc will swiftly block any communication with the spyware, preventing any harm to your device. You will receive a notification informing you of this action. *Note that you need to have your Malloc VPN Data Shield activated.

- Privacy & Security Monitoring Report: Malloc doesn’t stop at protection; it also keeps you informed. Our app will update your Privacy & Security Monitoring Report, documenting the incident. Below, you can see how Malloc detects spyware, blocks it, and clearly displays it as “blocked spyware” in the Connection Report and Privacy monitoring.

Image

Your online safety is not just our business; it’s our mission.

Published on Medium
