Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
Couldn’t think of a better title. TL;DR: via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue.
PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.
Which CVE is that and where can I read a description of how this vulnerability is being used?
CVE-2023-35674. No real details published yet, but Google discussed it in their September security bulletin.
deleted by creator
Get off that high horse.
How do you block MMS from unknown senders on iOS?
Settings > Messages > SMS/MMS > MMS Messaging (uncheck)
And/Or
Message Filtering > Filter Unknown Senders (checked)
Those seem to be the likely options, but I’ve zero idea if those will work.
deleted by creator
At this point most iPhone users are very much used to receiving images within iMessage and have already forgotten that MMS existed, or are too young to have ever had to deal with it, so to them it’s just yet another picture.
deleted by creator
lol, even if people went through to change their defaults, why would they expect an image to be able to hijack their device?
There are so many automated things on smartphones nowadays, should we disable everything to ensure avoiding future exploits?
They would expect an image to hijack their device because they’ve been warned about downloading attachments in basically every Internet safety anything. We should disable things like NFC and other security vulnerabilities when not in use; it doesn’t take a genius to figure out which can be dangerous.
I’d never get random dick pictures that way though.