• summarizerB
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    This is the best summary I could come up with:


    Apple released security updates on Thursday that patch two zero-day exploits — meaning hacking techniques that were unknown at the time Apple found out about them — used against a member of a civil society organization in Washington, D.C., according to the researchers who found the vulnerabilities.

    Citizen Lab, an internet watchdog group that investigates government malware, published a short blog post explaining that last week they found a zero-click vulnerability — meaning that the hackers’ target doesn’t have to tap or click anything, such as an attachment — used to target victims with malware.

    The researchers said the vulnerability was used as part of an exploit chain designed to deliver NSO Group’s malware, known as Pegasus.

    “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab wrote.

    Citizen Lab said it called the exploit chain BLASTPASS, because it involved PassKit, a framework that allows developers to include Apple Pay in their apps.

    “Once more, civil society, is serving as the cybersecurity early warning system for… billions of devices around the world,” John Scott-Railton, a senior researcher at the internet watchdog Citizen Lab, wrote on Twitter.


    The original article contains 357 words, the summary contains 199 words. Saved 44%. I’m a bot and I’m open source!