If you own an iPhone, iPad, MacBook, or Apple Watch, it’s imperative to ensure your device is up to date without delay. Even if you usually shy away from updates, this particular one is a must-have, as it resolves two significant vulnerabilities.
Apple has recently rolled out an essential update aimed at addressing the zero-day vulnerabilities known as CVE-2023-41064 and CVE-2023-41061, as reported by Ars Technica. Zero-day vulnerabilities are security weaknesses that are discovered by hackers before security experts or software developers become aware of them, making them particularly dangerous.
The update encompasses iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2. Regrettably, it seems that no patches have been released for older operating system versions.
These vulnerabilities, commonly referred to as BLASTPASS (CVE-2023-41064 and CVE-2023-41061), could potentially enable cybercriminals to infiltrate your device through images and attachments. For instance, simply loading a malicious image from platforms like WhatsApp, iMessage, or Safari could trigger the installation of malware. This malicious technique is known as steganography, which involves concealing one file within another by embedding harmful code within the concealed data of an image.
The discovery of these security flaws was initially reported by Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. Citizen Lab has revealed that BLASTPASS was being utilized to distribute NSO Group’s Pegasus mercenary spyware.
Considering that Apple’s “Wonderlust” event is scheduled for September 12, this update is likely to be the final one before the release of the iPhone 15. It is anticipated that Apple will unveil iOS 17 during this upcoming keynote event.
