Photo by Amelia Holowaty Krales / The Verge
Apple has issued a critical security update for iPhones to address a zero-day bug in iOS 16 that could allow attackers to remotely install spyware on a device without any interaction from the iPhone owner. Citizen Lab, a spyware research group, discovered the exploit last week and immediately notified Apple.
The zero-click zero-day exploit had been used to install NGO Group’s Pegasus spyware onto an iPhone owned by an employee of a Washington DC-based civil society organization. Pegasus is spyware developed by a private contractor for use by government agencies. The spyware infects a phone and sends back data, including photos, messages, and audio / video recordings.
The exploit involves PassKit attachments sent via iMessage
Apple has…