- Apple released iOS 14.8 update which fixes the “zero-click” install exploit.
- The bug allowed authorities to install Pegasus spyware with a simple message sent on iMessage.
- The Cupertino giant also released macOS Big Sur 11.6, improving the security of Macs.
Apple has released iOS 14.8 to fix a bug allowing the Pegasus spyware to exploit the iPhone’s security without the user clicking any malicious link or message. To recall, Pegasus spyware from the Israeli technology firm NSO Group was used by governments across the world to spy on journalists, activists, and members of the opposition. As mentioned earlier, the flaw dubbed “zero-click” install, found by researchers at Citizen Lab, allowed the spyware to be installed on smartphones without users interacting with any message, app, or link.
Citizen Lab informed the extent of vulnerability in a post. “We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware,” the research firm wrote in the post. The Citizen Lab researchers examined an activist’s iPhone infected with the Pegasus and found out that it didn’t even require a click to install on the phone. A few hours after the news broke out, Cupertino giant said that it’s working “rapidly” on the update to fix the bug highlighted by the Citizen Lab.
You should install iOS 14.8 on your iPhone right now
The iOS 14.8 fixes the CoreGraphics bug, which created malicious PDF leading to arbitrary code execution. It also fixed a security issue with WebKit that could maliciously process web content to execute code. The discovery of the CoreGraphics bug has been attributed to Citizen Lab, while the Webkit vulnerability is being attributed to an anonymous researcher.
Apple also released the iPadOS 14.8 fixing the CoreGraphics and WebKit for iPads. Macs also got a new security update with macOS Big Sur 11.6. The macOS Big Sur 11.6 improves the security of Mac systems, and it is recommended for everyone to install the update as soon as possible. The Cupertino giant also rolled out the 2001-005 security update for the macOS Catalina, fixing the Webkit bug.
The iOS 14.8 update will be available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Users can open the Settings app on their iPhone or iPad, then tap General and Software Update to download the update.