Apple released iOS 16.6.1 yesterday, fixing some issues the previous update had created with the Screen Time parental control features. Now, though, security experts have issued a warning that all Apple device users should update to the latest iOS version to avoid a major security exploit that could allow bad actors to spy on you through your iOS device.
The exploit was discovered by Citizen Lab while checking an employee’s device in a Washington, DC-based civil society organization. The exploit, they say, was used to infect the device with NSO’s Pegasus spyware. The exploit doesn’t require the user to click on anything, as it infects the device through any iMessage the bad actor sends to the targeted device.
While these types of attacks are typically only used against high-threat models – people in the public eye – security expert Rachel Tobac warns that every user with an Apple device should update to iOS 16.6.1 to avoid any possible infection and breach of their privacy. Citizen Lab also recommends updating to the new iOS version immediately.
The exploit is currently logged as two separate CVEs, CVE-2023-41064 and CVE-2023-41061. IF you’re someone in a role with an increased risk of being exposed to such exploits, Citizen Lab recommends using Apple’s Lockdown Mode to avoid the exploit, as it should block the attack, according to Citizen Lab’s report.
This kind of zero-click exploit is exceptionally tricky, as it doesn’t require any input from the user to infect the device. As such, simply receiving an iMessage that is infected with the exploit could allow bad actors to gain access to your device and spy through it. Because of the severity of this exploit, it is recommended that you update to iOS 16.6.1 immediately, even if you do not believe you are at risk.
\