Apple has just rolled out a crucial security update for iPhones and iPads in response to the discovery of newly identified vulnerabilities CVE-2023-41064 and CVE-2023-41061 in their system software. These vulnerabilities, also known as “BLASTPASS,” were found by researchers at the University of Toronto’s Citizen Lab, who revealed that the flaw was actively being exploited to distribute Pegasus, a commercial spyware developed by the Israeli company NSO Group. BLASTPASS is a serious duo of vulnerabilities, specifically because of their clickless nature: they only require a user to load an image or attachment in order to be exploited.
CVE-2023-41064 is a buffer overflow issue fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, and CVE-2023-41061 is a validation issue fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. Both vulnerabilities, when exploited, result in remote code execution. Neither of the vulnerabilities have CVSS scores at this time. Citizen Lab strongly advises all users to take immediate action and update their devices.
How To Install the Update:
- Access Your Settings: Open the Settings app on your iPhone or iPad.
- Navigate to General: Within Settings, select “General.”
- Find Software Update: Scroll down and tap on “Software Update.”
- Install iOS 16.6.1: You should see the iOS 16.6.1 software update listed. Tap it to begin the installation.
If you don’t immediately spot the update, follow these steps:
- Check Your iOS Version: Return to the General page and tap “About” to confirm your iOS version. If it’s 16.6.1, you already have the update installed.
- Update Older Versions: If your device is still running 16.6 or an earlier version, repeat the previous steps.
- Restart Your Phone: If you still don’t see the update, try restarting your phone.
- Verify Internet Connection: Double-check your internet connection to ensure it’s stable. Then, wait a bit and try checking for the update again.
It is absolutely necessary to update your IOS devices as soon as possible in order to negate the effects of the BLASTPASS vulnerabilities.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –