According to a Cyber Security Advisory issued by the Cabinet Division, Apple iPhones were targeted with the Blast Pass Exploit to deploy Pegasus spyware.
A/c to the Advisory, Apple iPhone users are being targeted by NSO Group’s nefarious Spyware, Pegasus. For the deployment of Blast Pass (zero days and zero click malware), the exploitation process is initiated via the iMessage feature (CVE-2023-41061 and CVE-2023-41064).
Exploit for Blast Pass
Blast Pass can infect the most recent OS versions (16.6) without user interaction. Apple has issued a remedial advisory for iPhone users in this regard.
Apple has also issued alerts to its users informing them that they are being targeted by NSO Pegasus spyware or are likely to be targeted by state-sponsored attackers.
Users are urged to take the precautions outlined in paragraph 3 to avoid the Blast Pass Pegasus exploit and other common cyber-attacks.
Specific Security Measures for the Blast Pass Exploit
- Upgrade to the most recent iOS version (16.6.1 or higher), which includes the majority of security updates for ongoing attacks.
- To prevent a Blast Pass attack, enable lockdown mode (optional; extreme protection mode).
- Disable the iMessage function on iPhones.
- General Security Procedures for Apple Users
- Use strong passcodes to secure devices and two-factor authentication on Apple ID.
- To avoid malware/infection, only install apps from the official Apple Store.
- Use anonymity-based solutions (while surfing the internet) to mask the identity of key appointment holders/individuals.
- Always turn off location services on Apple devices.
- Sign up for Apple’s security bulletins, threat notifications, and automatic OS updates.
- Avoid using phones in sensitive locations/meetings at all costs.
To read our blog on “UAE Cybersecurity & CPX called swift collab with govt. body,” click here