Apple, iOS 14.8, Security, Updates

iOS 14.8 patches the iMessage Zero-Click exploit: Update now!

Apple quite unexpectedly released iOS 14.8 on Tuesday. The update brings in a very important patch to block out the NSO Group’s Pegasus spyware. The spyware here is of the Zero-Click variety that hacked Apple’s iMessage system. The exploit called FORCEDENTRY, discreetly collects all user information and activities without the user’s knowledge.

Security watchdog group CitizenLab researched about the exploit and has full-fledged information. Along with iOS 14.8, iPadOS 14.8, WatchOS 7.6.2, and macOS 11.6 are here with the same security fix. We hereby urge everyone to act fast and update their devices now.

RELATED: iOS 15 Public Beta 8 brings refinements ahead of official release

Go to Settings > General > Software Update, download, and install the update as soon as possible. On our iPhone 11, the update weighs in at 402.6 MB.

ios-14-8-iphone-fix-pegasus-zero-click-exploit-6333524

Apple’s security notes for the update are detailed below:

CoreGraphics

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

See also  The OnePlus 9R is an updated 8T for 2021

Description: A use-after-free issue was addressed with improved memory management.

CVE-2021-30858: an anonymous researcher

Leave a Comment