Apple releases iOS 14.8 to address important security loopholes
Just one day ahead of announcing its iPhone 13, Apple has released iOS 14.8, an unglamorous security update that doesn’t bring much on the surface but does fix some important security loopholes that Apple believes have been actively exploited. Release notes describe it as an update that provides important security bug fixes and is recommended for all users. Here’s all you need to know.
Earlier this summer, it was revealed that Apple was working on iOS 14.8. But in the weeks that followed, things went quiet. There was no beta released, while iOS 15 betas appeared at a fast pace.
As of yesterday evening, iOS 14.8 has been made available for download, along with iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6. The new software update contains security updates that close a vulnerability reportedly exploited by NSO Group’s Pegasus spyware since February or even earlier.
The first security issue being fixed is a vulnerability in Apple’s CoreGraphics framework. Processing a maliciously crafted PDF allowed an attacker to execute code. The CoreGraphics vulnerability was first discovered by ethical hackers from Citizen Lab, who identified it as a zero-click iMessage exploit by NSO Group. More specifically, NSO Group targeted Apple’s image rendering library to remotely infect the company’s iPhones, iPads, MacBooks or Apple Watches with its Pegasus spyware.
The second security hole fixed was in the Apple WebKit browser engine, where processing malicious web content could allow an adversary to execute code, an issue that was addressed with improved memory management. While it’s unclear if it’s related to NSO’s exploits, Apple says it still may have been actively exploited.
The urgency of these security issues explains why we’re seeing a new update of iOS just a day before an Apple event, where it’s expected to announce new phones that will probably never run on this version of the OS. A good reminder of how important it is to keep all your devices up to date!