Update Apple devices immediately
What's happening? In early September 2023, the University of Toronto-based research group Citizen Lab discovered that security vulnerabilities in Apple devices were being used to spy on an employee of a Washington DC-based civil society organization with international offices. The vulnerabilities are exploited by simply the receipt of maliciously crafted attachments by email or instant message. No user action is needed for exploitation to be successful. These vulnerabilities are now collectively referred to as “BLASTPASS” and Apple has released fixes. More information about this discovery can be found here: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
These vulnerabilities affect both older and newer Apple models as follows:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
- Macs running on macOS Ventura
- Apple Watch Series 4 and later
What do I need to do? Update your Apple devices as soon as possible. Users at elevated risk of being targeted should consider Lockdown Mode. These issues are tracked as CVE-2023-41064 and CVE-2023-41061. The following guides can be used to perform these updates, depending on the device you are using:
iOS/iPadOS 16: https://support.apple.com/en-us/HT213905
MacOS Ventura: https://support.apple.com/en-us/HT213906
MacOS Big Sur: https://support.apple.com/en-us/HT213915
MacOS Monterey: https://support.apple.com/en-us/HT213914
WatchOS 9.6.2: https://support.apple.com/en-us/HT213907
iOS/iPadOS 15: https://support.apple.com/en-us/HT213913