Apple quite unexpectedly released iOS 14.8 on Tuesday. The update brings in a very important patch to block out the NSO Group’s Pegasus spyware. The spyware here is of the Zero-Click variety that hacked Apple’s iMessage system. The exploit called FORCEDENTRY, discreetly collects all user information and activities without the user’s knowledge.
Security watchdog group CitizenLab researched about the exploit and has full-fledged information. Along with iOS 14.8, iPadOS 14.8, WatchOS 7.6.2, and macOS 11.6 are here with the same security fix. We hereby urge everyone to act fast and update their devices now.
RELATED: iOS 15 Public Beta 8 brings refinements ahead of official release
Go to Settings > General > Software Update, download, and install the update as soon as possible. On our iPhone 11, the update weighs in at 402.6 MB.
Apple’s security notes for the update are detailed below:
CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30860: The Citizen Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use-after-free issue was addressed with improved memory management.
CVE-2021-30858: an anonymous researcher