Apple has patched two vulnerabilities that allowed the installation of malware

Apple has released security updates for iOS, iPadOS, macOS, and watchOS to fix two zero-day vulnerabilities. Attackers could use them to install malware, writes Ars Technica.

The company fixed the vulnerabilities with updates for iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2. However, there were no updates for older versions, such as iOS 15 or macOS 12.

We are talking about the CVE-2023-41064 and CVE-2023-41061 vulnerabilities reported by Citizen Lab. They explained that these are so-called zero-click vulnerabilities. That is, users do not even need to open the received image or attachment for attackers to attack their devices.

The vulnerabilities were used in the BLASTPASS exploit chain to deliver NSO Group’s Pegasus malware. To protect against vulnerabilities, Apple has introduced Lockdown Mode in iOS and macOS. The mode blocks many types of attachments and disables link previews.

By the way, on September 12, Apple will present the iPhone 15. The company is expected to unveil four iPhone models: the 6.1-inch iPhone 15, the 6.7-inch iPhone 15 Plus, the 6.1-inch iPhone 15 Pro, and the 6.7-inch iPhone 15 Pro Max. The presentation will also feature the Apple Watch Series 9 and a new version of the Apple Watch Ultra.