Couldn’t think of a better title, TL;DR via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue
PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.
Which CVE is that and where can i read a description of how this vulnerability is being used?
CVE-2023-35674 No real details published yet but Google discussed it in their September security bulletin.
at this point most iphone users are very much used to reicive images within imessage and have already forgotten that mms existed or are too young to actually ever had to deal with it, so to them it’s just yet another picture.
Damn…so this isn’t the fun kernel level access exploit.
This is the boring, my data could be compromised exploit.
Fuck, the NSO group managed that shit again?!
lmao, iMessage again ? zero user interaction needed, again ?!
Well done Apple
It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).
Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.
Every piece of software has vulnerabilities lurking within.
Remind me why we put up with this again? Formal verification does exist.
Article missing, here is the archive link. https://web.archive.org/web/20230908134811/https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Edit: able to access now but I’ll leave it here just in case.
