Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
08-Sep-23
On Thursday, Apple published critical security patches for iOS, iPadOS, macOS, and watchOS to fix two zero-day holes that have been used to distribute mercenary spyware from NSO Group called Pegasus in the wild. CVE-2023-41061 was identified internally by Apple with “assistance” from the Citizen Lab, whereas CVE-2023-41064 was discovered by the Citizen Lab at the Munk School of the University of Toronto.
_x000D_CVE-2023-41061 - A validation flaw in Wallet that, when handled by a maliciously designed attachment, might lead to arbitrary code execution.x000D When processing a maliciously created image, CVE-2023-41064, a buffer overflow flaw in the Image I/O component, might lead to arbitrary code execution.
