Apple's Urgent Response: Patching Zero-Day Flaws Targeted by Pegasus Spyware on iPhones

Apple has released emergency security updates for its operating systems to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus spyware. The vulnerabilities, one found by Citizen Lab and the other discovered internally by Apple, allow for arbitrary code execution and have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS. The flaws bypass Apple's BlastDoor sandbox framework and have been used to compromise fully-patched iPhones running the latest version of iOS. This comes as the Chinese government bans the use of iPhones and other foreign-branded devices by central and state government officials due to cybersecurity concerns.