0-Day Remote iPhone Full Access Being Abused, Update Immediately

@OsrsNeedsF2P@lemmy.ml · 2 years ago

0-Day Remote iPhone Full Access Being Abused, Update Immediately

@OsrsNeedsF2P@lemmy.ml · 2 years ago

Couldn’t think of a better title, TL;DR via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue

@fartsparkles@sh.itjust.works · 2 years ago

PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.

2 years ago

Which CVE is that and where can i read a description of how this vulnerability is being used?

@fartsparkles@sh.itjust.works · 2 years ago

CVE-2023-35674 No real details published yet but Google discussed it in their September security bulletin.

@DocBlaze@lemmy.world · edit-2 2 years ago

deleted by creator

El Barto · edit-2 2 years ago

Get off that high horse.

prowess2956 · 2 years ago

How do you block MMS from unknown senders on iOS?

Drunemeton · 2 years ago

Settings > Messages > SMS/MMS > MMS Messaging (uncheck)

And/Or

Message Filtering > Filter Unknown Senders (checked)

Those seem to be the likely options, but I’ve zero idea if those will work.

@DocBlaze@lemmy.world · edit-2 2 years ago

deleted by creator

mishimaenjoyer · edit-2 2 years ago

at this point most iphone users are very much used to reicive images within imessage and have already forgotten that mms existed or are too young to actually ever had to deal with it, so to them it’s just yet another picture.

@DocBlaze@lemmy.world · edit-2 2 years ago

deleted by creator

@Ado@lemmy.world · 2 years ago

lol, even if people went through to change their defaults, why would they expect an image to be able to hijack their device?

There’s so many automated things on smart phones nowadays, should we disable everything to ensure avoiding future exploits?

@Dontfearthereaper123@lemm.ee · 2 years ago

They would expect an image to hijack their device because they’ve been warned about downloading attachments in basically every Internet safety anything. We should disable things like nfc and other security vulnerabilities when not in use, it doesn’t take a genius to figure out which can be dangerous.

SatansMaggotyCumFart · 2 years ago

I’d never get random dick pictures that way though.

/home/pineapplelover · edit-2 2 years ago

Article missing, here is the archive link. https://web.archive.org/web/20230908134811/https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Edit: able to access now but I’ll leave it here just in case.

@Cwilliams@beehaw.org · 2 years ago

I just relistened to Dark Net Diaries episode about this! (episode 100, titled NSO) Highly Recommend

Azzy · 2 years ago

Is this fixed if using the iOS 17 Beta?

darcy · 2 years ago

ios “the more secure choice” try not to have a 0-day exploit challenge

0-Day Remote iPhone Full Access Being Abused, Update Immediately

0-Day Remote iPhone Full Access Being Abused, Update Immediately

BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab