ChainCatcher message, Slow Mist Technology's Chief Information Security Officer 23pds stated on the X platform that a vulnerability seller on the dark web claims to be selling an iOS RCE. According to the vulnerability seller, this vulnerability does not require user interaction (0 Click) and can fully control devices running iOS 17.xx and iOS 18.xx. Currently, it cannot be verified whether this vulnerability is real and usable. Everyone is reminded to upgrade their iOS system in a timely manner.

ChainCatcher news, Slow Mist's Chief Information Security Officer 23pds stated that the Pegasus organization is attacking through a zero-click vulnerability in the iOS system. The attackers are using iMessage accounts to send malicious images as PassKit attachments to trigger the attack. The exploit chain has been made public, and Apple users can be infected without any click interaction. Apple has now released an emergency update.