Apple Inc. has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6 OTA Update. All these updates address two critical security vulnerabilities that threat actors may have been actively exploiting in the wild.
New Over The Air (OTA) update is available for Apple Inc. iPhone, iPad, Apple Watch, MacBook, and Mac Mini PCs. The update is rather minor but very important as it plugs the CoreGraphics and WebKit security vulnerabilities.
Apple Inc. sends out updates to nearly all its devices because the critical security vulnerability could be actively exploited:
Apple Inc. has confirmed that iOS 14.8 and iPadOS 14.8 both address CoreGraphics and WebKit vulnerabilities. The company further indicated that threat actors may have been actively exploiting these loopholes in the wild.
Apple has unexpectedly released operating system updates to #iOS 14.8 and #iPadOS 14.8, just one day ahead of its #AppleEvent. https://t.co/FLiXs2hHkd pic.twitter.com/99RkLaDHKS
— AppleInsider (@appleinsider) September 13, 2021
The CoreGraphics vulnerability reportedly offers a zero-click iPhone attack that defeated Apple’s Blastdoor protections. Technical jargon aside, this bug could allow a maliciously crafted PDF to lead to arbitrary code execution.
Apple releases iOS 14.8 and macOS 11.6 to address WebKit and PDF vulnerabilities https://t.co/ZRVtEqM6F5 pic.twitter.com/8ukW8tYTY5
— Engadget (@engadget) September 13, 2021
Similarly, the WebKit vulnerability could allow maliciously crafted web content, execute code. Hence, several security experts are strongly urging Apple-branded device users to obtain and install the OTA update.
To install the update, go to Settings > General > Software Update and download it from there. A similar procedure applies to the iPhone, iPad, Apple Watch, MacBook, and Mac Mini.
Apple Inc. releases 8th major OTA update for the iOS and iPadOS 14 within a span of a single year:
The iOS 14 has received eight major updates since September 2020. This makes the operating system quite different from the previous iterations for a very different and concerning reason.
It is important to note that Apple Inc. often releases major updates which include new features and functions. Some of the notable mentions include the Apple App Tracking Transparency (ATT).
Apple’s iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware https://t.co/BYZSztRqjb by @julipuli pic.twitter.com/aOMz7vfU3g
— MacRumors.com (@MacRumors) September 13, 2021
However, for the past year, Apple Inc. has been sending quite a few security updates. These updates actively fix security loopholes or system vulnerabilities.
It appears malware, viruses and other malicious pieces of software targeting Apple devices could be on the rise. The Apple iPhone is quite popular in the United States of America.
#New: Apple has issued an emergency software update – it’s on your iPhone now, called iOS 14.8 – after a flaw was found that lets invasive spyware infect anyone’s iPhone without you knowing.
The fix takes minutes. pic.twitter.com/JthX7k1D5T— scott budman (@scottbudman) September 13, 2021
Apple claims there are more than a billion Apple iPhones in the world. Such a high volume makes Apple devices a lucrative target for espionage, ransom, theft, and other threats.
Given the increasing popularity of Apple-branded devices, Apple Inc. may have to actively plug a lot more newly discovered, and possibly actively exploited, security loopholes.
Do you own an iPhone? Go update it right now. I'll wait here. iOS 14.8 includes a fix for an NSO zero-click exploit found on a Saudi activist's phone. https://t.co/qbIJQLTwm2
— Eva (@evacide) September 13, 2021
From the consumer’s perspective, installing an update from Apple Inc. may become even more critical. In other words, do not delay addressing nor dismiss the OTA Update or its notification.