(MENAFN- NewsBytes) Apple rolled out iOS version 14.8 for compatible iPhones on September 13. This update doesn't pack any feature updates but patches some critical security loopholes. If your device is eligible, we recommend that you install the update at the earliest. The update to iOS 14.8 fixes the CoreGraphics and WebKit vulnerabilities. Here are more details.
Compatibility: CoreGraphics vulnerability allowed malicious PDFs to arbitrarily execute code
The update, which carries version number 14.8 for iPhones and iPads, is compatible with the iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, fifth-generation iPad and newer, iPad mini 4 and later, and the seventh-generation iPod touch. The CoreGraphics vulnerability allowed malicious PDFs to execute arbitrary code. Apple claims the issue may have been actively exploited.
Details: WebKit vulnerability allows hackers to execute code via web content
Having already released a WebKit vulnerability patch for iOS and macOS, Apple fixes the issue for other handheld devices, too, with iOS 14.8. All the aforementioned devices support the patch. As on the computers, this WebKit vulnerability allowed malicious web content to execute arbitrary code on the victim's device. Yet again, Apple claims the issue may have been actively exploited by bad actors.
Why the urgency? CoreGraphics was a zero-click vulnerability for iMessage
The CoreGraphics vulnerability was identified by The Citizen Lab, while the WebKit vulnerability's discovery is credited to an anonymous researcher. The CoreGraphics vulnerability was identified as a zero-click iMessage exploit, meaning it didn't need any user interaction to perform malicious activities. The exploit is believed to have been used to target Bahraini activists using the NSO Group's Pegasus spyware.
ASAP: Pegasus gives hackers complete control over victim's device
Using the zero-click exploit, Pegasus can remotely read and record messages, calls, and emails, and control the camera and microphone of the unwary victim's device. The Citizen Lab's researchers claim the spyware can do everything a user can on their device. Considering this security update's nature, we urge you to install it at the earliest to reduce the risk of falling prey to bad actors.