Robert Triggs / Android Authority
- Apple has released security updates for iOS, iPadOS, macOS, and watchOS.
- The latest patch fixes two zero-day vulnerabilities commonly known as BLASTPASS.
- The security flaws allow malicious images or attachments to install malware on your Apple device.
If you have an iPhone, iPad, MacBook, or Apple Watch, you will want to update your device as soon as possible. Even if you typically avoid updates, this patch is one you shouldn’t miss, as it fixes two serious bugs.
Apple has released a new update that addresses the zero-day vulnerabilities CVE-2023-41064 and CVE-2023-41061, according to Ars Technica. Zero-day vulnerabilities are security flaws that have been discovered before security researchers or software developers become aware of them, making them a higher risk than other threats.
The updates include iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2. Unfortunately, it appears there have been no patches rolled out for older OS versions.
CVE-2023-41064 and CVE-2023-41061, better known as BLASTPASS, allow for images and attachments to install malware on your device. For example, loading a malicious image from WhatsApp, iMessage, or Safari could trigger the installation of malware. This cyberattack technique is known as steganography, or the hiding of a file within another file. It works by inserting malicious code in the hidden data that comes with an image.
The security gaps were first reported by the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. Citizen Lab says that BLASTPASS was “being used to deliver NSO Group’s Pegasus mercenary spyware.”
Since Apple is holding its “Wonderlust” event on September 12, this will probably be the last update before the iPhone 15 launches. Apple will likely announce iOS 17 during this keynote.