Zero-Day Attack Affects Apple Devices

Vulnerable Devices

Apple recently released an emergency security update to address a vulnerability that could allow hackers to take control of iPhones, iPads, and Macs running macOS Monterey. The vulnerability was discovered by an anonymous researcher and identified as CVE-2022-3289. The update fixes three vulnerabilities: a flaw in WebKit, the browser engine that powers Safari; a certificate validation bug that can allow a malicious app to run on an affected device; and a third bug that can be used to get broader access to the kernel, the core of the operating system [1][2]. However, Citizen Lab discovered another vulnerability that was actively abused as part of a zero-click iMessage exploit chain named BLASTPASS, which was used to deploy NSO Group’s Pegasus mercenary spyware onto fully-patched iPhones (running iOS 16.6) via PassKit attachments containing malicious images [3][2]. It is highly recommended that you update your Apple devices to the latest security patch to stay protected against such attacks [1][2].