In September 2023 Apple released iOS 16.6.1 closing actively exploited vulnerabilities. On the same day, CitizenLab released a new blog post about NSO's latest Exploit called BLASTPASS.
BLASTPASS used a malicious PassKit file to infect a device over iMessage and bypass BlastDoor.
Later that year, we received crashlogs and an iOS Backup to analyze, and guess what we found? Crashes of the MessagesBlastDoorService and PassKit files sent over iMessage. We managed to extract the PassKit file from the backup.
Join me in this talk and let's get on the journey of analyzing one of the most advanced malware samples together!
Matthias Frielingsdorf | VP of Research, iVerify
Full Abstract & Presentation Materials: