français
deutsch
русский
日本らしさ
español
Türkçe
português
o‘zbek
қазақ тілі
кыргызча
тоҷикӣ
हिन्दी
Update your devices before they reach you.
Zero-day vulnerabilities have been found in iOS and macOS, which allow attackers to install malware without any user interaction.
They are known as CVE-2023-41064 and CVE-2023-41061. The specialists from the Citizen Lab at the University of Toronto (Canada) who discovered them gave them the common name BLASTPASS.
Attackers can compromise a device simply by downloading a malicious image or attachment. This usually happens through Safari, iMessage and WhatsApp. Hackers use this opportunity to install spyware, including Pegasus from NSO Group.
But the music didn't last long: Apple had already released a security update for all of its operating systems, including iPadOS and watchOS. And he recommends that users do not delay downloading them, since BLASTPASS is actively used.
To further reduce risk, you can enable Lockdown mode on your devices, which blocks certain types of attachments and disables link previews. Experts note that this effectively prevents such attacks.