Apple has released emergency updates iOS 14.8, iPadOS 14.8, macOS 11.6 and watchOS 7.6.2 to fix Pegasus damage on the iPhone, iPad, Mac and Apple Watch. The bug was revealed Monday by Citizen Labs (a cyber research unit at the University of Toronto) that allowed a hacker to use NSO’s Pegasus malware to gain access to a Saudi activist’s device.
This was done using a security flaw in Apple’s messaging app. Apple said it could take advantage of the “maliciously created” PDF file. This shortcoming was a zero-day vulnerability, i.e. it was unknown to Apple or they had not developed a patch for it at the time.
Moreover, exploitation was a zero-click exploitation, which means that victims do not have to click on a malicious file to infect their devices. Rather, it operates itself with a security hole.
“After recognizing the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a solution in iOS 14.8 to protect our users,” said Evan Christie, Head of Security Engineering and Architecture at Apple. “We would like to congratulate Citizen Lab for successfully completing the very difficult task of obtaining a sample of this exploitation, so we can develop this solution faster.”
In a support document posted on September 13, Apple described the risk and its solution.The urgent iOS 14.8 update comes just days before the much-anticipated Apple launch event, which will announce the latest iPhone 13 series, Apple Watch 7 and AirPods. It may contain more security enhancements.
Read interesting news, reviews as well as tips & tricks on TechnoBugg website, and stay updated with the latest happenings of the tech world on the go with Technobugg App. Also follow on Google News and join our Telegram channel for the latest updates.