Apple has pushed iOS and iPadOS 14.8 out, and it’s absolutely critical that you update to fix a zero-click exploit that Apple says “may have been actively exploited in the wild.” If you use either of these devices, you must update as soon as possible.
What’s Fixed in iOS and iPadOS 14.8?
The CoreGraphics vulnerability, which The Citizen Lab first reported, was used in a zero-click exploit that defeated Apple’s BlastDoor protections. It is believed that this exploit was used to go after the Bahraini activists whose iPhones were successfully hacked with Pegasus spyware.
Apple’s support document says that, in CoreGraphics, “an integer overflow was addressed with improved input validation.”
Additionally, Apple fixed a vulnerability in WebKit that an anonymous researcher reported. For this issue, the support document says, “a use after free issue was addressed with improved memory management.”
Essentially, a zero-click exploit is in use here, which means you don’t have to install or click on anything special for malicious individuals to take advantage of it. Apple’s BlastDoor security sandbox is a system used to stop malicious code execution in Messages, and these exploits could bypass it, leaving iPhone and iPad owners vulnerable.
This Update Is Important
While this may not sound as exciting as an update with new features, it’s just as important. Significant vulnerabilities like these could leave you open to attacks. You don’t want to risk exposing your device, so it’s worth downloading the update and getting it installed on your device as soon as you can so you don’t have to worry.