In a recent development, the Cabinet Division has issued a Cyber Security Advisory alerting Apple iPhone users of targeted attacks using the notorious Pegasus spyware, reportedly crafted by the NSO Group.
The advisory highlights a sophisticated exploitation technique known as the "Blast Pass Exploit" that takes advantage of vulnerabilities in the iMessage feature (CVE-2023-41061 and CVE-2023-41064), allowing the deployment of zero-day and zero-click malware.
The cyber threat, known as Blast Pass, has the capability to infect even the latest iOS versions, including the current 16.6, without any user interaction.
Apple has promptly responded to the crisis by issuing a remedial advisory for its iPhone users. They have also initiated alerts to notify users if they are at risk of being targeted by the Pegasus spyware or potential state-sponsored attackers.
Apple's response
To combat the threat, Apple recommends the following specific safety steps:
a. Immediately upgrade to the iOS latest version (16.6.1 or above), which includes crucial security updates to defend against ongoing attacks
b. Optionally, enable lockdown mode, an extreme protection feature that blocks Blast Pass attacks
c. Disable the iMessage feature available on iPhones
Generic security guidelines
In addition to these specific safety measures, Apple users are encouraged to follow these generic security guidelines to safeguard their devices from a wide range of cyber threats:
a. Protect their devices with strong passcodes and enable two-factor authentication on Apple ID
b. Download apps exclusively from the official Apple Store to avoid malware and infections
c.Use anonymity-based solutions while surfing the internet and consider masking the identity of key individuals.
d. Always disable location services on Apple devices to minimize privacy risks.
e. Subscribe to Apple's security bulletins, and threat notifications, and enable auto OS update features.
f. Exercise caution when using phones in sensitive locations or during important meetings to prevent unauthorized data access.