uoft apple security

UofT lab finds critical Apple security issues

Apple has issued a new security software update for iPad and iPhone after Canadian researchers discovered severe vulnerabilities.

The Citizen Lab at The University of Toronto's Munk School of Global Affairs published its findings on Thursday.

"Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware," researchers stated.

The NSO Group is an Israeli cyber intelligence agency that created the Pegasus spyware. This spyware infects iPhones and Android devices.

According to a 2021 investigation by The Washington Post, Pegasus works in three steps: target, infect, and track.

"Someone sends what's known as a trap link to a smartphone that persuades the victim to tap and activate — or activates itself without any input, as in the most sophisticated 'zero-click' hacks," the investigative report reads.

Once infected, the spyware duplicates the phone's functions, can record from the camera and mic, and can see your location, call data, and contacts, among other things.

This information can then be used to track the victim and exploit them.

The Citizen Lab said the exploit chain Blastpass is being used here and could compromise iPhones running iOs 16.6 "without any interaction from the victim."

"The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim," the Lab added.

Apple was immediately told about this discovery, and its team quickly worked on patching solutions. It acknowledged The Citizen Lab in its update release.

"Processing a maliciously crafted image may lead to arbitrary code execution," said the tech giant. "Apple is aware of a report that this issue may have been actively exploited."

The new update is available, resolving ImageIO and Apple Wallet vulnerabilities on iPhone 8 and later models, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

Take a few minutes to update all your Apple devices and ensure you're digitally secure.

You have Canadian researchers to thank for this one!

Lead photo by

Shutterstock/nikkimeel


Latest Videos



Latest Videos


Join the conversation Load comments

Latest in Tech

TTC is about to axe free Wi-Fi service in Toronto subway stations

Canadians could cash in on proposed multimillion-dollar electronics settlements

New tax changes will affect Canadians who earn money using online apps

Bell Canada is hiking prices for TV along with internet and phone plans

12 Days of Giveaways Day 4: Upgrade your home with the vacuum of the future

Here's how Canadians can claim share of Yahoo and Rogers class-action money

CRA warns people about $250 Working Canadians Rebate scam

Here are top Black Friday deals in Canada from Best Buy to Walmart