ISLAMABAD: The Cabinet Division has issued a Cyber Security Advisory warning Apple iPhone users about targeted attacks using the Pegasus spyware, reportedly developed by the NSO Group.
The advisory highlights a sophisticated exploitation technique known as the “Blast Pass Exploit,” which takes advantage of vulnerabilities in the iMessage feature (CVE-2023-41061 and CVE-2023-41064), enabling the deployment of zero-day and zero-click malware.

This cyber threat, known as Blast Pass, has the capability to infect even the latest iOS versions, including the current 16.6, without any user interaction.
In response to the situation, Apple has taken prompt action by issuing an advisory to its iPhone users. The company has also begun sending alerts to notify users if they are at risk of being targeted by the Pegasus spyware or potential state-sponsored attackers.
Apple’s response includes the following safety recommendations:
a. Upgrade to the latest iOS version (16.6.1 or above) immediately, as it contains critical security updates to defend against ongoing attacks.
b. Optionally, enable Lockdown Mode, an extreme protection feature that blocks Blast Pass attacks.
c. Disable the iMessage feature available on iPhones.
In addition to these specific safety measures, Apple users are encouraged to follow generic security guidelines to protect their devices from various cyber threats, including:
a. Protecting their devices with strong passcodes and enabling two-factor authentication for Apple ID.
b. Downloading apps exclusively from the official Apple Store to avoid malware and infections.
c. Using anonymity-based solutions while browsing the internet and considering masking the identity of key individuals.
d. Disabling location services on Apple devices to minimize privacy risks.
e. Subscribing to Apple’s security bulletins and threat notifications and enabling auto OS update features.
f. Exercising caution when using phones in sensitive locations or during important meetings to prevent unauthorized data access.

