Apple has released emergency security updates to fix two zero-day vulnerabilities in iMessage that could be exploited to infect iPhones with spyware.
The vulnerabilities, which were discovered by Citizen Lab, a research group at the University of Toronto, allow attackers to remotely install malware on iPhones without the victim needing to click on any malicious links or attachments.
The vulnerabilities affect all versions of iOS up to and including iOS 16.6. Apple has released security updates for all affected devices, and users are urged to install them as soon as possible.
The list of affected devices includes:
- iPhone 8 and later
- iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Macs running macOS Ventura
- Apple Watch Series 4 and later
The security updates patch the vulnerabilities by disabling a feature in iMessage that allows attachments to be displayed without first being scanned for malware. This will prevent attackers from exploiting the vulnerabilities to install malware on iPhones.
