PSA: Update your iPhone, Mac, iPad, and Apple Watch now to fix the "BLASTPASS" exploit

Note: This article was first published on 8 September 2023.

Apple has just released updates of iOS, iPadOS, macOS, and watchOS that fix two serious security vulnerabilities.

According to a report, the updates address two zero-day vulnerabilities that researchers at the Citizen Lab at The University of Toronto discovered.

The researchers also said that they were used to deliver NSO Group's Pegasus spyware to at least one victim.

The vulnerabilities are part of an exploit chain known as "BLASTPASS" which allows attackers to compromise phones without requiring any action from the target.

This zero-click vulnerability involves sending a "maliciously crafted" PassKit image to a target via iMessage, and it's capable of infecting their devices without any interaction from the victim.

Since the Pegasus spyware was developed in 2011, it has been used mainly by governments to spy on targets. It's particularly insidious because it's often installed using zero-clicks exploits and runs silently in the background. Furthermore, it is capable of harvesting a wealth of data including text messages, calls, passwords, and location information.

As of now, the only way to protect yourself from this vulnerability is to either apply today's update or put your device in Lockdown Mode.

You want to make sure your devices are running the following versions of software: