{"id":40594,"date":"2023-09-08T13:31:44","date_gmt":"2023-09-08T17:31:44","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=40594"},"modified":"2024-09-16T20:44:51","modified_gmt":"2024-09-17T00:44:51","slug":"blastpass","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/09\/08\/blastpass\/","title":{"rendered":"BLASTPASS"},"content":{"rendered":"

Juli Clover<\/a> (Hacker News<\/a>):<\/p>\n

\n

[A] maliciously crafted image could lead to arbitrary code execution, allowing a hacker to gain access to the operating system with a simple picture.<\/p>\n

[…]<\/p>\n

As reported by Citizen Lab<\/a>, the vulnerabilities are part of a “BLASTPASS” exploit chain that was observed having been used in the wild to deliver NSO Group’s Pegasus spyware. Pegasus is of critical concern to government officials, journalists, activists, and others with potentially sensitive information on their devices.<\/p>

The zero-click vulnerability allowed attackers to send a maliciously crafted PassKit (Wallet) image to a target via iMessage, infecting their device “without any interaction from the victim.”<\/p><\/blockquote>\n

Lockdown Mode blocks this particular attack. It’s not really clear to me why these images can’t be safely processed behind the Blast Door. Is it because they’re related to other cross-cutting iOS services such as PassKit? That is, if iMessage were just<\/em> a messaging service, it would be easier to make it secure. If Messages were restricted to doing what third-party apps can do, maybe these sorts of vulnerabilities would be impossible. But it’s also become the transport for various other iOS features and Apple services, so it’s necessarily hooked deeper into the system. If I lived in Europe, maybe I could just disable iMessage and use WhatsApp, which is arguably more reliable and secure.<\/p>\n\n

Previously:<\/p>\n