Update iPhone

Today, Apple completes BlastPass patches to block state-sponsored attacks?

Does today’s emergency cybersecurity updates have anything to do with another emergency update 2 weeks ago?

A couple of weeks ago, Apple released emergency cybersecurity updates for iOS/iPadOS and macOS. The backstory was that

… while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware. 

I first mentioned Pegasus last year in this article. There is quite a bit of history with it. Basically, Pegasus is a highly potent malware/spyware developed by an Israeli company called “NSO Group”. It is used extensively by state-sponsored actors to spy on prominent people, terrorists, and criminals. NSO Group is a highly controversial organisation because authoritarian regimes have misused Pegasus to violate human rights.

Citizen Lab called this method of delivery of Pegasus “BlastPass”.

Something was amiss

The cybersecurity updates released by Apple 2 weeks ago did not look complete to me. When I looked at what was fixed to block BlastPass (see here and there), something did not look quite right.

Subscribe to continue reading

Become a paid subscriber to get access to the rest of this post and other exclusive content.

Already a paid subscriber?