{ "id": "4bdfce52-3ac5-48fb-9b8d-55b7a93fb492", "created_at": "2026-04-06T00:16:32.167905Z", "updated_at": "2026-04-10T03:22:10.255326Z", "deleted_at": null, "sha1_hash": "7b44cc34cedddca6f6d7c328da8f64f636bc6515", "title": "BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 49408, "plain_text": "BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit\r\nCaptured in the Wild - The Citizen Lab\r\nBy John Scott-Railton\r\nPublished: 2023-09-07 · Archived: 2026-04-05 17:15:09 UTC\r\nOpens in a new window Opens an external site Opens an external site in a new window\r\nApple has just issued an update for Apple products including iPhones, iPads, Mac computers, and Apple\r\nWatches. We encourage all users to immediately update their devices.\r\nWe urge all at-risk users to consider enabling Lockdown Mode as we believe it blocks this attack.\r\nLast week, while checking the device of an individual employed by a Washington DC-based civil society\r\norganization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used\r\nto deliver NSO Group’s Pegasus mercenary spyware. \r\nWe refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running\r\nthe latest version of iOS (16.6) without any interaction from the victim.\r\nThe exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to\r\nthe victim.\r\nWe expect to publish a more detailed discussion of the exploit chain in the future.\r\nDisclosure to Apple \u0026 CVEs\r\nCitizen Lab immediately disclosed our findings to Apple and assisted in their investigation.\r\nApple issued two CVEs related to this exploit chain (CVE-2023-41064 and CVE-2023-41061)\r\nUpdate Apple Devices Now\r\n We urge everyone to immediately update their devices.\r\nWe encourage everyone who may face increased risk because of who they are or what they do to enable\r\nLockdown Mode.\r\nWe believe, and Apple’s Security Engineering and Architecture team has confirmed to us, that Lockdown Mode\r\nblocks this particular attack.\r\nWe commend Apple for their rapid investigative response and patch cycle, and we acknowledge the victim and\r\ntheir organization for their collaboration and assistance.\r\nhttps://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/\r\nPage 1 of 2\n\nHeavily-Targeted Civil Society: A Cybersecurity Early Warning System\r\nThis latest find shows once again that civil society is targeted by highly sophisticated exploits and mercenary\r\nspyware.\r\nApple’s update will secure devices belonging to regular users, companies, and governments around the globe. The\r\nBLASTPASS discovery highlights the incredible value to our collective cybersecurity of supporting civil society\r\norganizations.\r\nNote: Post updated 5:42PM Eastern Time Sept 7th to reflect that Apple’s Security Engineering and Architecture\r\nteam and Citizen Lab believe that Lockdown Mode blocks this particular attack.\r\nSource: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/\r\nhttps://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/" ], "report_names": [ "blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild" ], "threat_actors": [], "ts_created_at": 1775434592, "ts_updated_at": 1775791330, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7b44cc34cedddca6f6d7c328da8f64f636bc6515.pdf", "text": "https://archive.orkl.eu/7b44cc34cedddca6f6d7c328da8f64f636bc6515.txt", "img": "https://archive.orkl.eu/7b44cc34cedddca6f6d7c328da8f64f636bc6515.jpg" } }