Apple says updating your iPhone to iOS 16.6.1 will protect you from a nasty exploit that can allow a hacker to view your texts and photos, no click required.
Citizen Lab says that Blastpass is delivered to a victim’s phone via images that are attachments to PassKit, which is a suite of code that allows developers to access Apple Pay infrastructure for their apps. Those images are sent from a phony iMessage account, and when the iPhone processes that image, the hacker has free rein over the victim’s device.
So the hacker hacks your phone with his mind?
At a very high level: the attacker sends a picture which somehow is opened by Apple Wallet and leads to the execution of arbitrary code (this is the vulnerability, in how the wallet parses the picture, allowing for a buffer overflow), deactivation of certain security features and download/execution of the malicious payload.
Sure Apple Wallet is required for it to work? Read it like the image part can come remotely by picture 0-click (by link preview archived) or via using the Wallet app, not both in conjunction.
It’s zero-click because when your iPhone receives the message with the image, it tries rendering the image, which contains the exploit. Once the attacker is in, they usually delete the message that got them access and all traces, so that you don’t know you’re even hacked. This could happen in the middle of the night when you’re sleeping.
Prior to this update, Lockdown Mode on their iPhones was the only way to protect yourself from this exploit.