BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (citizenlab.ca)

submitted 1 year ago by mwalimu@baraza.africa to c/technology@lemmy.world

11 comments fedilink hide all child comments

We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

top 11 comments

sorted by: hot top controversial new old

[-] some_guy@lemmy.sdf.org 6 points 1 year ago

The fine folks at CitizenLab are doing such important work. I just want to call out what a net-benefit they are for us all. I can't count how many times I see or hear their name in sec updates, sec podcasts, news stories, etc. Thank you to CitizenLab!

[-] PlexSheep@feddit.de 2 points 1 year ago

I hear only good stuff from them. I think they were featured in the last episode of darkness diaries too.

[-] sebinspace@lemmy.world 1 points 1 year ago

Must be what the 16.6.1 update was for last night

[-] mwalimu@baraza.africa 1 points 1 year ago

Yes. The linked article points to Apple’s release notes.

CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School

[+] redditReallySucks@lemmy.dbzer0.com -10 points 1 year ago

"iPhones don't have malware"

[-] SmashingSquid@notyour.rodeo 12 points 1 year ago

Who claims that anymore? Ever since covid there's been tons of zero days updates. The only security benefit is not having extremely delayed updates like most android devices.

[-] antizero99@lemmynsfw.com 1 points 1 year ago

Which is why I roll pixel and before that nexus.

[-] SmashingSquid@notyour.rodeo 3 points 1 year ago

Yeah I'm an iphone person because I have no interest in side loading or any of that stuff, I just want it to work. I use it with medical devices and because of the fragmentation of android the medical device makers need to test and get approval for each phone model whereas on iOS because everything is the same OS its usually the first to get an app except for my newer insulin pump because they went with a managed android device as their included controller.

If I were to go android I wouldn't touch anything non google, especially after an article a few years ago I read that mentioned some OEM customizations actually adding vulnerabilities.

[-] antizero99@lemmynsfw.com 2 points 1 year ago

I haven't side loaded anything in years. In decades past I played around with custom roms and at some point I may look into the pixel roms for my older phones.

Aside from the usual issues that popup with any os for any device, I've had very few problems and none that stopped me from using my device.

I refuse to touch apple with someone's else pole. I like being able to install apps that aren't from the store and I can do that without having to hack my phone.

I equate apple to AOL. When you are new to tech apple just works but when you learn that there is more out there than apples walled garden you look at android that let's you do so much more and has so much more choice for hardware. Not to mention cost.

[-] bobman@unilem.org 0 points 1 year ago

Lots of people think iphones are secure.

[-] HeartyBeast@kbin.social 6 points 1 year ago

I think you dropped your straw man

this post was submitted on 07 Sep 2023

94 points (99.0% liked)

Technology

59054 readers

3192 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS