Citizen Lab discovered two no-click zero-day vulnerabilities in an individual’s device being targeted by NSO Group’s Pegasus spyware. Citizen Lab responsibly disclosed the vulnerabilities to Apple, which issued patches in iOS 16.6.1 and iPadOS 16.6.1.
The exploit chain, dubbed “BlastPass,” could compromise iPhones and iPads without any user interaction. Apple recommends all users update immediately. Those at high risk should enable lockdown mode for extreme protection against sophisticated digital threats.