//iOS 16.6.1 fixes a big iPhone security vulnerability used to install Pegasus spyware

iOS 16.6.1 fixes a big iPhone security vulnerability used to install Pegasus spyware

Photo by Amelia Holowaty Krales / The Verge

Apple has issued a critical security update for iPhones to address a zero-day bug in iOS 16 that could allow attackers to remotely install spyware on a device without any interaction from the iPhone owner. Citizen Lab, a spyware research group, discovered the exploit last week and immediately notified Apple.

The zero-click zero-day exploit had been used to install NGO Group’s Pegasus spyware onto an iPhone owned by an employee of a Washington DC-based civil society organization. Pegasus is spyware developed by a private contractor for use by government agencies. The spyware infects a phone and sends back data, including photos, messages, and audio / video recordings.

The exploit involves PassKit attachments sent via iMessage

Apple has…

Continue reading…