
tldr - powered by Generative AI

Government agencies are instructed to secure iPhones against spyware attacks by patching vulnerabilities that can be exploited by the NSO Group's zero-click attack.
  • CISA has ordered federal agencies to patch their iPhones against vulnerabilities that can be used in a zero-click attack to install spyware from the NSO Group.
  • A zero-click attack does not require any interaction from the user.
  • The BLASTPASS attack involves maliciously crafted PassKit attachments containing images sent via iMessage.
  • Fully patched iPhones running iOS 16.6 are vulnerable to a buffer overflow weakness when processing the booby-trapped images.
  • The NSO Group is an Israeli cyberwarfare firm behind the Pegasus spyware, which has been used to spy on individuals such as Jeff Bezos and human rights activists.
  • Pegasus spyware can gain access to a range of data and device features, including SMS messages, emails, photos, GPS location, and the microphone and camera.
  • Apple has released emergency security updates and users are advised to apply them immediately and consider enabling Lockdown Mode.
  • CISA has categorized the vulnerabilities as significant risks and ordered federal agencies to patch them by October 2nd, 2023.
Tags: iPhone, NSO Group, zero-click attack, BLASTPASS, Pegasus spyware
