Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.” About the vulnerabilities CVE-2023-41064 is a buffer overflow vulnerability in the ImageI/O framework, which allows applications to read and … More

The post Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) appeared first on Help Net Security.