Page Loader
Home / News / Technology News / Here's why you should install iOS 14.8 update immediately
Here's why you should install iOS 14.8 update immediately
Here’s why the iOS 14.8 update is so important

Here's why you should install iOS 14.8 update immediately

By Chandraveer Mathur
Sep 14, 2021
06:53 pm
What's the story

Apple rolled out iOS version 14.8 for compatible iPhones on September 13. This update doesn't pack any feature updates but patches some critical security loopholes. If your device is eligible, we recommend that you install the update at the earliest. The update to iOS 14.8 fixes the CoreGraphics and WebKit vulnerabilities. Here are more details.

Compatibility

CoreGraphics vulnerability allowed malicious PDFs to arbitrarily execute code

The update available for iPhones and iPads bearing version number 14.8 is compatible with the iPhone 6S and later, all iPad Pro models, iPad Air 2 and later, fifth-generation iPad and newer, iPad mini 4 and later, and the seventh-generation iPod touch. The CoreGraphics vulnerability allowed malicious PDFs to arbitrarily execute code. Apple claims the issue may have been actively exploited.

Details

WebKit vulnerability allows hackers to execute code via web content

After releasing a WebKit vulnerability patch for iOS and macOS, Apple's iOS 14.8 fixes the issue for other handheld devices, too. All the aforementioned devices support the patch. Like on the computers, this WebKit vulnerability allowed malicious web content to arbitrarily execute code on the victim's device. Yet again, Apple claims the issue may have been actively exploited by bad actors.

Why the urgency?

CoreGraphics was a zero-click vulnerability for iMessage

The CoreGraphics vulnerability was identified by The Citizen Lab while the WebKit vulnerability's discovery is credited to an anonymous researcher. The CoreGraphics vulnerability was identified as a zero-click iMessage exploit meaning it didn't need any user interaction to perform malicious activities. The exploit is believed to have been used to target Bahraini activists using the NSO Group's Pegasus spyware.

ASAP

Pegasus gives hackers complete control over victim's device

Using the zero-click exploit, Pegasus can remotely read/record messages, calls, and emails and control the camera and microphone of the unwary victim's device. The Citizen Labs' researchers claim the spyware can do everything a user can on their device. Considering this security update's nature we urge you to install it at the earliest to reduce the risk of falling prey to bad actors.