Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLAST...
We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The fine folks at CitizenLab are doing such important work. I just want to call out what a net-benefit they are for us all. I can't count how many times I see or hear their name in sec updates, sec podcasts, news stories, etc. Thank you to CitizenLab!
Who claims that anymore? Ever since covid there's been tons of zero days updates. The only security benefit is not having extremely delayed updates like most android devices.