Apple Issues Urgent Security Update to Patch Zero-Click iPhone Spyware Vulnerability

· 1 min read
Apple Issues Urgent Security Update to Patch Zero-Click iPhone Spyware Vulnerability
Photo by Miguel Tomás / Unsplash

Apple recently issued an emergency security update to patch a zero-click vulnerability in iPhones that was being actively exploited to install sophisticated Pegasus spyware.

The Vulnerability

Researchers at Citizen Lab discovered that threat actors were exploiting two zero-day vulnerabilities (tracked as CVE-2023-41064 and CVE-2023-41061) to remotely compromise iPhones without any user interaction. The vulnerabilities allowed arbitrary code execution if a target opened a maliciously crafted image or PDF sent via iMessage.

This "zero-click" exploit was used to deliver NSO Group's Pegasus spyware to a fully patched iPhone of a civil society group employee. Pegasus can access messages, photos, recordings and location data once installed on a device.

Scope of Impact

The vulnerabilities impact iPhones, iPads and Mac devices running the latest iOS 16.6, iPadOS 16.6 and macOS Ventura respectively. This includes popular devices like the iPhone 8 models and later, iPad Pro models, 5th generation iPads and later.

Unless updated, over 1 billion Apple devices worldwide were vulnerable to this remote attack. Given Pegasus' capabilities, a successful exploit could severely compromise a target's privacy and digital security.

Apple's Response

Apple pushed emergency security updates within a week to address the issues. iOS 16.6.1, iPadOS 16.6.1 and macOS Ventura 13.5.2 patches included improved input validation and memory handling.

This was the 13th zero-day Apple had to patch this year alone, highlighting growing "hack-now-fix-later" targeting of its platforms. Apple also recommended enabling "Lockdown Mode" for high-risk users.


  • Immediately update all Apple devices to the latest iOS 16.6.1, iPadOS 16.6.1 and macOS Ventura versions.
  • Consider enabling "Lockdown Mode" in Settings if facing heightened monitoring risks due to occupation or activism.
  • Be cautious receiving unsolicited files or links via messages, and avoid clicking shared images or files from unknown contacts.
  • Use up-to-date antivirus software on devices to filter malware before it can exploit platform vulnerabilities.
  • Employ a security key or strong multifactor authentication wherever available to safeguard online accounts linked to iOS devices.
## Convertkit Newsletter