A day before Apple is expected to release iOS 15 and other new software versions alongside the iPhone 13 launch, the company released iOS 14.8 as an emergency update to fix an exploit that reportedly But it was allowed to infect spyware used by the Israel-based NSO group. iPhones, Apple Watches, and Mac computers without users needing to click on anything.
The exploit is serious enough for Apple as the company was alerted by Canadian cyber security firm Citizen Lab last Tuesday to fix it. new York Times. In addition to iOS 14.8, Apple released iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6, which users are advised to download immediately. It’s unclear if the exploit affects beta versions of upcoming software like iOS 15 (we’ve reached out to Apple to confirm).
The spyware, called Pegasus, silently downloads PDF files (intentionally mislabeled as .gif images) without users’ permission – and unlike other malicious code, allows users to click suspicious links or download files manually. without the need to download from . Thus, this type of ‘zero click’ exploit is even more dangerous, potentially luring on devices for months without owners noticing.
Once the PDF is found on a device, Pegasus can activate cameras and microphones, record messages and other communications (even if encrypted) and transmit that information to cyber surveillance firm NSO Group – and possibly, its customers. can forward to.
Analysis: Update iOS 14? In our moment of victory over iOS 15?
If anything sells the importance of the iOS 14.8 update, Apple chose to push it beyond iOS 15, which we’re expecting to arrive on September 14th or shortly after the iPhone 13 launch. Given that every phone running iOS 14 (iPhone 6S and newer) will be able to download the new iOS 15, it’s telling that Apple pulled the stop to make it available — and didn’t even beta test it, per Nerdshala.
To be clear, the iOS 14.8 update is undoubtedly a lot smaller than iOS 15, and the same is true for the minor updates coming to iPadOS, watchOS, and macOS – so hopefully it will be easier for people to swallow.
As previously mentioned, it is unclear whether this exploit works on the iOS 15 public beta and other early versions of other device software; Since we haven’t seen similar spyware-blocking updates for iOS 15 and iPadOS 15 beta, we wouldn’t guess. But Apple is getting wiser for this type of exploit: The company confirmed to the New York Times that it’s adding a spyware barrier to its next iOS 15 update later this year.
- Expect the iPhone 13 and Apple Watch 7, iPad and Mac to arrive later on September 14th