Couldn’t think of a better title, TL;DR via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue
PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.
Which CVE is that and where can i read a description of how this vulnerability is being used?
CVE-2023-35674 No real details published yet but Google discussed it in their September security bulletin.
Damn…so this isn’t the fun kernel level access exploit.
This is the boring, my data could be compromised exploit.
Fuck, the NSO group managed that shit again?!
lmao, iMessage again ? zero user interaction needed, again ?!
Well done Apple
It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).
Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.
Stop bringing up old news. We’re hating on Apple today!
Oops! I forgot to check the schedule.
Every piece of software has vulnerabilities lurking within.
Remind me why we put up with this again? Formal verification does exist.
Formal Verification doesn’t guarantee that the code is free of vulnerability, it just increases confidence in its security. It’s never perfect.
butbutbut… blue box
Article missing, here is the archive link. https://web.archive.org/web/20230908134811/https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Edit: able to access now but I’ll leave it here just in case.
It looks like I need to make some space for an update -.-
Is this fixed if using the iOS 17 Beta?
I just relistened to Dark Net Diaries episode about this! (episode 100, titled NSO) Highly Recommend
Lockdown mode stops it.
ios “the more secure choice” try not to have a 0-day exploit challenge