15/09/2021
iOS 14.8 and other emergency Apple software updates block invasive A day before Apple is expected to release iOS 15 and other new software versions alongside the iPhone 13 launch, the company released iOS 14.8 as an emergency update to fix an exploit that allowed spyware reportedly like that used by the Israel-based NSO Group to infect iPhones, Apple Watches, and Mac computers without users needing to click on anything.
The exploit is serious enough for Apple to have been sprinting to fix it since the company was alerted to it last Tuesday by Canadian cybersecurity firm Citizen Lab.
In addition to iOS 14.8, Apple released iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6, which users are advised to download immediately. It’s unclear if the exploit affects beta versions of upcoming software like iOS 15 (we’ve reached out to Apple to confirm).
The spyware, called Pegasus, quietly downloaded PDF files (intentionally mislabeled as .gif images) to users’ devices without their permission – and unlike other malicious code, without needing users to click on suspicious links or manually download files. Thus, this type of ‘zero click’ exploit is even more dangerous, potentially existing on devices for months without the owners noticing.
Once the PDFs got on a device, Pegasus could activate cameras and microphones, record messages and other communications (even if encrypted) and forward that info back to the cybersurveillance firm NSO Group – and conceivably, its clients.
