
September 8, 2023

Apple releases emergency patch to fix zero-day vulnerability exploited by Pegasus Spyware


On August 7, Apple released an emergency patch to address two zero-day vulnerabilities in the operating systems of its popular iPad, iPhone, MacBook, and Watch devices. The vulnerabilities, designated CVE-2023-41064 and CVE-2023-41061, have been observed being exploited in the wild to deliver Pegasus malware.

Security researchers have discovered a campaign, dubbed BLASTPASS, that combines the flaws to conduct a zero-click attack on iMessage users. A successful compromise results in Pegasus being deployed without any user interaction, even on previously fully patched phones. The campaign was discovered during an investigation of a device belonging to an individual employed by a Washington, D.C.-based civil society organization with international offices.

Source: The Hacker News

Analysis

Pegasus malware was developed by the NSO Group, a cybersecurity company based in Israel. The malware is marketed as a tool that helps government agencies prevent and investigate terrorism and crime to save lives around the world.

However, Pegasus malware has a track record of being used by governments against their own citizens, rivals, and detractors. For example, it was reported in 2021 that the government of Saudi Arabia used Pegasus malware to monitor people close to Jamal Khashoggi, before and after his death in the Saudi embassy in Turkey.

As long as the NSO Group can identify and exploit zero-day vulnerabilities in Apple devices, its malware will remain popular with governments that lack the resources to develop their own Apple exploits yet still need to obtain information from these devices and the people using them.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software such as Apple’s iOS. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible.

Field Effect strongly encourages users of Apple devices to update to the latest version of iOS as soon as possible.
