iPhone Security
Apple released the latest system software iOS 14.8 and iPad OS 14.8 on the early morning of the 14th. This is the first minor update in about a month and a half since the last iOS / iPad OS 14.7.1.
If you receive it, you can update it manually from the notification or from “Settings-General-Software Update”.
According to the official release, this update contains “important security updates” and is recommended for all users. No new features have been added.
According to the official security documentation, there are two “important security updates”. In other words, it is related to the Core Graphics framework and WebKit browser engine, both of which are vulnerabilities that allow an attacker to execute arbitrary code. It is stated that both may have been actively abused.
In addition, the New York Times reports that iOS 14.8 addresses a critical vulnerability that Apple engineers have been working on to fix 24 hours a day.
Among them, Webkit-related ones were discovered by The Citizen Lab at the University of Toronto and reported to Apple. The vulnerability, named “FORCE DENTRY,” infects iPhones, iPads, Apple Watches and Macs with the spyware “Pegasus”, allowing access to cameras, microphones, text messages, calls and emails. is.
It is known that “Pegasus” here is developed by the Israeli company NSO Group and marketed to governments and various organizations around the world. There was evidence that it had been abused for several years, and it was reported that it was being used by human rights activists, lawyers, and journalists around the world in July this year.
Apple has told The New York Times that it plans to add a spyware barrier to its next iOS 15 software update to prevent similar attacks in the future.
At the same time as iOS / iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6 are also available. Both include similar security updates, and Apple Watch and Mac users are encouraged to update immediately.
Source:Apple
.
