Why is iOS 14 getting an update now?

Today, Apple presents the finished version of iOS 15 at the September event. But shortly before that, the company has provided an update for iOS 14 that contains important security patches.

iOS 14.8 is an unusual update in many ways. Not only is it the first in history to carry the version number “8.” It has also been released without a previous beta – and just a day before the release of its successor, iOS 15. However, there is a good reason why Apple has been quick to provide the update – a serious security vulnerability.

iOS 14.8 protects against Pegasus spyware

The update protects users against a so-called “zero-click” vulnerability that allows Pegasus spyware to install itself on endpoints. Zero-click means that users do not have to do anything for this to happen. Security vulnerabilities of this kind are therefore particularly dangerous. On top of that, Pegasus is able to steal passwords and login data and access the camera and microphones. The vulnerability was found by Citizen Lab, a research lab at the University of Toronto. Pegasus is used by governments to spy on journalists, for example, according to Citizen Lab.

In the support document that Apple created for iOS 14.8, the company writes that the bug affects the CoreGraphics system. The flaw results in maliciously created PDF documents being able to execute arbitrary code on the device. Apple has addressed the issue with “improved input validation.”

In addition, iOS 14.8 fixes another security vulnerability in Apple’s WebKit. This also allows the execution of arbitrary code on the end device, but starting from web content. Apple is aware of at least one case in which this gap was potentially actively exploited. The company has now closed it with “improved memory management”.

Don’t wait for iOS 15

The fact that Apple provides iOS 14.8 so shortly before iOS 15 shows how urgent the update is. Users should therefore install it immediately and not wait for iOS 15. The update is ready for iPhone 6s and newer, iPad Air 2 and newer, iPad mini 4 and newer, and iPod touch (7th generation).

Incidentally, the security patches are not only included in iOS 14.8 and iPadOS 14.8, but also in watchOS 7.6.2 and macOS Big Sur 11.6.

Sources

  • Apple support
  • The Verge