If your iPhone shows that iOS 16.6.1 is available, install the update as soon as possible. Apple acknowledged a critical security issue in its iOS software after Citizen Lab, a spyware research group, notified the tech giant of an exploit that could allow NSO Group’s Pegasus spyware to infiltrate devices. Fortunately, it took Apple just a week to plug the hole and release the critical iOS 16.6.1 security update that patches it.
According to the reports, attackers who get hold of the exploit can easily infect a device with Israel-based NSO Group’s Pegasus software. For the uninitiated, Pegasus is surveillance spyware made by a private organization for government agencies. It lets governments track certain persons of interest, such as activists and journalists, among others.
Perhaps the primary purpose of this spyware is to record data such as text messages, calls, location, and more, and relay it back to whoever infected the device in the first place.
According to the details published by Citizen Lab, which discovered the exploit and alerted Apple, the exploit uses PassKit (a framework that Apple uses for Wallet and Apple Pay) and Apple SDK. The attackers would send malicious images via iMessage to trigger the exploit on the targeted device, all without any input from or alert to the iPhone owner. It has been described as a zero-day, zero-click exploit dubbed ‘Blastpass’.
With iOS 16.6.1 now rolling out to all eligible iPhones across the globe, users should be able to steer clear of the exploit. Citizen Lab suggests that the exploit could have far-reaching effects if left unchecked. For now, iOS Lockdown Mode can help protect devices from such exploits, albeit at the cost of restricted functionality, until you get the iOS 16.6.1 security update on your device.