Apple releases iOS 14.8 to fix new zero-click exploit allegedly used by NSO Group

Apple releases iOS 14.8 to fix new zero-click exploit allegedly used by NSO Group

Apple has released iOS 14.8 with some important security patches. This update could be the last iOS 14 receives, as iOS 15’s release nears alongside the launch of the new iPhone 13. Apple, however, could be allowing users to install future security updates without having to update to the next major OS version.

A week ago, The Citizen Lab notified Apple about a new zero-day zero-click exploit targeting iOS, iPadOS, watchOS and macOS users through iMessage. An attacker would be able to gain access to sensitive information, including the messages, call logs, and emails of the victim, in addition to the device’s camera and microphone. The exploit, FORCEDENTRY, has originated in Israel and was distributed by NSO Group to governments around the world. It took Apple a week to fix it, and it is recommended that all users update their devices as soon as possible.

Apart from iOS 14.8, Apple has also released security updates across iPadOS, watchOS, and macOS. In a support document, Apple lists the following fixes:

  • CoreGraphics
    • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
    • Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    • Description: An integer overflow was addressed with improved input validation.
    • CVE-2021-30860: The Citizen Lab
  • WebKit
    • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
    • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    • Description: A use after free issue was addressed with improved memory management.
    • CVE-2021-30858: an anonymous researcher

To update your iPhone, you can check our tutorial on how to check and update iOS on your iPhone. We highly recommend that all users update to the latest version of Apple software on their devices as soon as possible.

About author

Mahmoud Itani
Mahmoud Itani

Mahmoud is an Istanbul-based Beiruti who has always sought freedom through writing. His hobbies include keeping up with tech news, writing articles about Apple devices & services, crocheting, meditating, and composing poetry. You’ll likely find him jogging at a park, swimming in open water, brainstorming at a coffeehouse, or merely lost in nature. His personal pieces are available on his website, MahmoudItani.com, and he can be reached via [email protected] or the provided social links.