New Zero-Click Exploits Against iOS
CitizenLab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group’s Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched.
One interesting bit is that Apple’s Lockdown Mode (part of iOS 16) seems to have worked to prevent infection.
News article.
Comments
TimH •
“The first step targets HomeKit, and the second step targets iMessage.”
“the first step targets the iPhone’s Find My feature, and the second step targets iMessage.”
Can Homekit be disabled?
If Find My is disabled, does it still work?
If JS is disabled for Safari (the only place), does it still work?
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Views: 0