Apple fixes two Zero Day attacks (CVE-2023-41064, CVE-2023-41061)

Apple has fixed two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to distribute NSO Group’s Pegasus spyware.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any victim interaction,” Citizen Lab explained.
“The feat involved PassKit attachments containing malicious images sent from an attacking iMessage account to the victim.”
About the vulnerabilities
CVE-2023-41064 is a buffer overflow vulnerability in the ImageI/O framework, which allows applications to read and write most image file formats. The vulnerability can be triggered by a maliciously crafted image and lead to arbitrary code execution.
CVE-2023-41061 is a validation issue in Apple Wallet, where users can store payment cards, IDs, event tickets, travel tickets, and more. The vulnerability can be triggered by a maliciously crafted attachment and lead to arbitrary code execution.
CVE-2023-41064 was reported by the Citizen Lab at the University of Toronto’s Munk School, while CVE-2023-41061 was identified by Apple with their help, likely while they were validating the existence of CVE-2023-41064.
Both have been fixed in the iOS 16 branch. A fix for CVE-2023-41064 is also included in the latest security update for macOS Ventura (13.5.2), and a fix for CVE-2023-41061 is included in watchOS 9.6.2.
The fixes will likely be backported to older iOS, iPadOS, and macOS branches soon.
An exploit chain to target high-risk users
The exploit chain – dubbed BLASTPASS by Citizen Lab – was detected while scanning the device of an individual employed by a Washington DC-based civil society organization with international offices.
“This latest discovery once again shows that civil society is the target of highly sophisticated exploits and mercenary spyware,” they said. “We plan to publish a more detailed discussion of the mining chain in the future.”
“Regular” users are advised to update their devices as soon as possible, but users who are at risk of highly targeted cyberattacks with spyware like Pegasus should consider enabling Lockdown Mode.
“We believe, and Apple’s security architecture and engineering team has confirmed to us, that Lock mode blocks this particular attack,” Citizen Lab pointed out.
Another good idea for users running the latest versions of Apple’s operating systems is to enable Apple Rapid Security Response, which automatically installs security patches as they become available.