A new exploit, known as BLASTPASS, has been discovered by Citizen Lab, involving the use of iMessage accounts to send malicious image files. In response, Apple has released an iPhone update, iOS 16.6.1, to address this vulnerability. To safeguard your device, follow these steps: Go to Settings → General → Software Update and run the software update as soon as possible.

For added protection, Apple has also released updates for iPad, Mac, and Apple Watch. It is recommended to install these updates urgently.

Apple has acknowledged the severity of the exploit, stating that the processing of a manipulated image could result in arbitrary code execution. They are aware of reports of active exploitation. In response, Apple has addressed the buffer overflow issue in ImageIO with improved memory handling. Additionally, a similar issue in Wallet has been resolved with enhanced logic.

While the majority of users are unlikely to be targeted by NSO Group clients, it is advisable to take precautions. Citizen Lab suggests activating the iPhone’s “Lockdown Mode,” which offers resistance against Pegasus-style mercenary malware attacks. To enable this feature, follow these steps: Go to Settings → Privacy & Security → Security → Lockdown Mode → Turn On Lockdown Mode → Turn On Lockdown Mode (again) → Turn On & Restart. After entering your device passcode, the mode will be activated.