Lemmy.World

166,273 readers
7,153 users here now

The World's Internet Frontpage Lemmy.World is a general-purpose Lemmy instance of various topics, for the entire world to use.

Be polite and follow the rules ⚖ https://legal.lemmy.world/tos

Get started

See the Getting Started Guide

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Liberapay patrons

GitHub Sponsors

Join the team 😎

Check out our team page to join

Questions / Issues

More Lemmy.World

Follow us for server news 🐘

Mastodon Follow

Chat 🗨

Discord

Matrix

Alternative UIs

Monitoring / Stats 🌐

Service Status 🔥

https://status.lemmy.world

Mozilla HTTP Observatory Grade

Lemmy.World is part of the FediHosting Foundation

founded 1 year ago
ADMINS
ruud
MichelleG
jelloeater85
Xylinna
Thekingoflorda
lwadmin
Rooki
AutoMod
kersploosh
MrKaplan
atomboy
doccod
lwreport
elm
lw_mod_notification
bannanaente
listing: all - local
search
1
21
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab (citizenlab.ca)
2
236
0-Day Remote iPhone Full Access Being Abused, Update Immediately (citizenlab.ca)
3
10
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (citizenlab.ca)
submitted 1 year ago by repostbot33 to c/netsec
0 comments fedilink
4
11
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (citizenlab.ca)
submitted 1 year ago by L4s to c/secops
0 comments fedilink
 
 

BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild::Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

5
4
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab (citizenlab.ca)
6
5
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab (citizenlab.ca)
 
 

Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware.

The BLASTPASS Exploit Chain

We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

We expect to publish a more detailed discussion of the exploit chain in the future.

7
5
NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (citizenlab.ca)
 
 

HN Discussion

8
95
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (citizenlab.ca)
 
 

We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

9
3
NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (citizenlab.ca)
 
 

There is a discussion on Hacker News, but feel free to comment here as well.

view more: next ›