Apple has taken swift action to safeguard its devices by releasing a critical security update. The update, which covers iPhones, iPads, MacBooks, and Apple Watches, addresses two zero-day vulnerabilities tracked as CVE-2023-41064 and CVE-2023-41061. Zero-day vulnerabilities are particularly worrisome because they are unknown to the software vendor and no patch exists for them, which leaves affected devices open to exploitation by attackers.
iPhone users urged to update against critical Pegasus spyware
These vulnerabilities are especially alarming because they allow attackers to compromise a device by delivering a malicious image or attachment. Once the malware is installed, it can be used for various malicious purposes, including data theft, user location tracking, and device takeover.
The initial discovery of these vulnerabilities was made by Citizen Lab, a reputable spyware research group affiliated with the Munk School of Global Affairs & Public Policy at the University of Toronto. Citizen Lab has reported that these vulnerabilities were being exploited to deploy NSO Group's notorious Pegasus spyware onto iPhones. Pegasus is a potent espionage tool that compromises a phone, exfiltrating data such as photos, messages, and audio/video recordings.
To mitigate these risks, Apple urges all users to promptly update their devices to the latest versions of iOS, iPadOS, macOS, and watchOS. These updates can be conveniently downloaded through the Settings app.
This marks the second instance in recent months where Apple has acted swiftly to address a zero-day vulnerability. In July, the company released an update to counter a zero-day vulnerability that was being exploited by attackers to infect iPhones and iPads with malware.
The prevalence of zero-day vulnerabilities underscores the importance of maintaining up-to-date security patches on devices. By doing so, users can significantly enhance their protection against these severe threats. Stay informed and stay secure.