Couldn't think of a better title, TL;DR via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue
this post was submitted on 08 Sep 2023
254 points (98.8% liked)
Privacy
39971 readers
133 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.
Which CVE is that and where can i read a description of how this vulnerability is being used?
CVE-2023-35674 No real details published yet but Google discussed it in their September security bulletin.
Damn…so this isn’t the fun kernel level access exploit.
This is the boring, my data could be compromised exploit.
Fuck, the NSO group managed that shit again?!
lmao, iMessage again ? zero user interaction needed, again ?!
Well done Apple
It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).
Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.
Stop bringing up old news. We're hating on Apple today!
Oops! I forgot to check the schedule.
Every piece of software has vulnerabilities lurking within.
Remind me why we put up with this again? Formal verification does exist.
Formal Verification doesn't guarantee that the code is free of vulnerability, it just increases confidence in its security. It’s never perfect.
butbutbut... blue box
Article missing, here is the archive link. https://web.archive.org/web/20230908134811/https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Edit: able to access now but I'll leave it here just in case.
It looks like I need to make some space for an update -.-
Is this fixed if using the iOS 17 Beta?
I'd assume in the next public/developer preview, yeah
I just relistened to Dark Net Diaries episode about this! (episode 100, titled NSO) Highly Recommend
ios "the more secure choice" try not to have a 0-day exploit challenge
Lockdown mode stops it.