Install iOS 14.8 and other Apple updates asap to protect against zero-click Messages attacks
The latest round of Apple software updates fixes vulnerabilities making possible recent zero-click attacks that bypassed Apple’s BlastDoor security in Messages. iOS 14.8 includes security fixes for two bugs that Apple says have been actively exploited in the wild. Do yourself a big favor and install the latest updates to close this particularly dangerous attack vector.
STORY HIGHLIGHTS:
- iOS 14.8 fixes a zero-day vulnerability used to run malicious code
- The dangerous vulnerability may have been exploited in the wild
- iOS 14.8 patches two related bugs and you’re advised to update
Install iOS 14.8 security fix as soon as possible
Apple on September 13, 2021, released iOS 14.8, iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6 to the general public. As it turns out, these iPhone, iPad, Apple Watch and Mac software updates include a critical fix for a dangerous vulnerability that hackers may have used already to target unsuspecting users.
Two bugs have been found. One is in Apple’s CoreGraphics system responsible for provides lightweight 2D rendering and the WebKit layout engine used by the Safari browser and other system features that want to render web content.
The CoreGraphics issue affects Apple Watch Series 3, iPhone 6s, iPad Air 2, iPad 5, iPad mini 4 and later, the seventh-generation iPod touch and all Macs that run macOS Big Sur. The WebKit bug affects all the same devices except Apple Watch.
The CoreGraphics bug, discovered by The Citizen Lab (CVE-2021-30860) could result in arbitrary code execution when processing a maliciously crafted PDF document. This has been fixed by addressing an integer overflow with improved input validation.
Sn August 2021 post on The Citizen Lab blog claims the vulnerability has been used to bypass Apple’s Blastdoor protections in Messages. It was reported earlier that this zero-click attack was used in hacking into Bahraini activists’ iPhones using NSO Group’s Pegasus spyware.
The same vulnerability is present in WebKit and has been patched with improved memory management. The WebKit issue is credited to an anonymous researcher (CVE-2021-30858).
Security contents of iOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6
Apple provided these support documents listing the security contents of the updates:
- About the security content of iOS 14.8 and iPadOS 14.8
- About the security content of watchOS 7.6.2
- About the security content of macOS Big Sur 11.6
- About the security content of Security Update 2021-005 Catalina
- About the security content of Safari 14.1.2
A dedicated update for older macOS versions, titled “Security Update 2021-005 Catalina” is now available on Catalina-powered Macs to patch the CoreGraphics issue. Similarly, WebKit patches for Macs powered by macOS Catalina or macOS Mojave are provided as part of the Safari 14.1.2 update.
Both patches are available through the Software Update feature on those computers.
Should I update to iOS 14.8?
In a word, yes — and without hesitation.
We definitely wholeheartedly recommend updating the iOS software powering your iPhone or iPod touch to iOS 14.8 as soon as possible. And your iPad, Apple Watch and Mac devices as well because the respective iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6 updates for those devices are also available.
If you don’t update, your devices will remain vulnerable to this particular attack.
How to update to iOS 14.8, iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6
To update the operating system software powering your iPhone, iPad or iPod touch, go to Settings → General → Software Update. When an update is available, you can download and install it with a touch of a button. Be sure that your device is plugged into power and connected to the internet over Wi-Fi.
To update the watchOS software on your Apple Watch, choose My Watch → General → Software Update in the companion Watch app on your paired iPhone. You’ll see a message if an update is available. If asked for your iPhone passcode or Apple Watch passcode, enter it.
Make sure that that your Apple Watch is at least 50 percent charged and its paired iPhone is connected to the internet via Wi-Fi. You’ll also need to keep both the phone and the watch close to each other so that they’re in Bluetooth range. While it could take from several minutes to an hour for the update to complete, power users may want to take advantage of a little-known Bluetooth trick that will speed up Apple Watch software updates dramatically.
To update the macOS software on your Mac computers, launch the System Preferences app and choose “Software Update” from the System Preferences window, then follow onscreen instructions to install the latest updates.
Source link: https://www.idownloadblog.com/2021/09/13/ios-14-8-security-fix-info/
Leave a Reply