Apple says updating your iPhone to iOS 16.6.1 will protect you from a nasty exploit that can allow a hacker to view your texts and photos, no click required.
Citizen Lab says that the Blastpass is delivered to a victim’s phone via images that are attachments to PassKit, which is a suite of code that allows developers to access Apple Pay infrastructure for their apps. Those images are sent from a phony iMessage account, and when the iPhone processes that image, the hacker has free reign over the victim’s device.
It’s zero-click because when your iPhone receives the message with the image, it tries rendering the image, which contains the exploit. Once the attacker is in, they usually delete the message that got them access and all traces, so that you don’t know you’re even hacked. This could happen in the middle of the night when you’re sleeping.
Prior to this update, Lockdown Mode on their iPhones was the only way to protect yourself from this exploit.
It’s zero-click because when your iPhone receives the message with the image, it tries rendering the image, which contains the exploit. Once the attacker is in, they usually delete the message that got them access and all traces, so that you don’t know you’re even hacked. This could happen in the middle of the night when you’re sleeping.
Prior to this update, Lockdown Mode on their iPhones was the only way to protect yourself from this exploit.