Apple Fixes Zero-Day Bugs Exploited by Pegasus Spyware to Plant Malicious Code

Apple Releases Security Updates to Patch Zero-Day Exploits

On Thursday, Apple released security updates that patch two zero-day vulnerabilities exploited against a member of a civil society organization in Washington, D.C. The first of the two was discovered by researchers at Citizen Lab, an internet watchdog group that investigates government malware.

Citizen Lab Discovers Zero-Click Vulnerability

According to Citizen Lab’s blog post, the researchers found a zero-click vulnerability, meaning an attacker could compromise a device without the victim tapping a link, opening a file, or doing anything at all. The vulnerability was one link in an exploit chain built to deliver NSO Group’s spyware, known as Pegasus.

"The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim," Citizen Lab wrote in their blog post.

Citizen Lab Reports Vulnerability to Apple

Once they found the vulnerability, the researchers reported it to Apple, which released a patch on Thursday and credited Citizen Lab for the report. Apple’s release notes also cover a second vulnerability, which Apple attributes to its own researchers; taken together with Citizen Lab’s account, this suggests Apple found the second bug while investigating the first.

Lockdown Mode Could Have Blocked Exploits

Citizen Lab recommended that all iPhone users update their phones. John Scott-Railton, a senior researcher at Citizen Lab, wrote on Twitter that he and his colleagues, as well as Apple’s Security Engineering and Architecture team, believe that Lockdown Mode would have blocked the exploits found in this case.

"Once more, civil society is serving as the cybersecurity early warning system for… billions of devices around the world," Scott-Railton tweeted.

NSO Group’s Malware

Citizen Lab named the exploit chain "BLASTPASS" because it involved PassKit, the framework developers use to add Apple Pay and Wallet passes to their apps. The researchers attribute the chain to NSO Group, whose Pegasus spyware it was used to deliver.

"Lockdown Mode would have blocked these exploits," Scott-Railton said on Twitter. "It’s another example of how critical it is for users to enable Lockdown Mode."

Apple’s Response

When reached for comment, Apple spokesperson Scott Radcliffe did not comment and referred TechCrunch to the notes in the security update.

Citizen Lab Recommends Updating iPhone

Citizen Lab recommended that all iPhone users update their phones, and reiterated its assessment that the exploit chain was used to deliver NSO Group’s malware.

"We are recommending that all iPhone users update their devices with the latest security patch," Citizen Lab wrote in a tweet.

Lockdown Mode: A Security Feature

Scott-Railton also explained what Lockdown Mode is and how it can help prevent such exploits. "Lockdown Mode is an opt-in mode that enhances some security features and blocks others to reduce the risk of targeted attacks," he said on Twitter.

Citizen Lab and Apple’s researchers believe that if the victim had enabled Lockdown Mode, the exploit chain would have been blocked.

What Is NSO Group?

NSO Group is a company based in Israel that specializes in developing surveillance technology. The company has faced criticism for its role in developing malware that can be used to spy on individuals and organizations.

Zero-Day Exploits: A Growing Concern

A zero-day vulnerability is a flaw that attackers are already exploiting before the vendor, in this case Apple, knows about it, so no patch exists when the attacks begin. Such bugs are especially dangerous when, as here, the exploit is also zero-click: the victim does not have to open a message or take any other action for the device to be compromised, so user caution offers no defense and only the patch (or a hardening measure such as Lockdown Mode) does.

Conclusion

Apple’s updates underline how serious zero-day exploitation has become for mobile devices. Because this chain needed no interaction from the victim, the only effective defenses were the patch itself and opt-in hardening such as Lockdown Mode.

Citizen Lab’s discovery of the vulnerability and its report to Apple also show the role civil society researchers play in detecting targeted spyware, often before the vendor is aware of it.

Timeline

  • Citizen Lab discovers a zero-click vulnerability being used to deliver NSO Group’s Pegasus to a target’s iPhone running iOS 16.6.
  • Citizen Lab reports the vulnerability to Apple.
  • Thursday: Apple releases security updates patching the reported vulnerability and a second one it attributes to its own researchers.
  • Citizen Lab and Apple urge users to update and say Lockdown Mode, an opt-in hardening setting for users at risk of targeted attacks, would have blocked the exploit chain.

References

Citizen Lab. (2023). "Zero-Click Vulnerability Used to Target Victim with NSO Group’s Malware".

Apple. (2023). "Security Update: iOS 16.6 Patch Notes".