Apple Update! iOS 14.8 Is Here Just Before The Event

After a huge event and multiple updates from WWDC 2021 announcements, Apple came up under the security infringement checkups. The security researchers at Citizen Lab discovered a zero-day zero-click exploit, called FORCEDENTRY.

Table of Contents

The exploit aims at the image rendering library of iOS devices – iPhones, Macbooks, and iWatches, which allow government agencies to install spyware. The source of the bug is reported to be Pegasus spyware, which is capable of stealing passwords, account data, sensitive information, activating the phone’s features like a camera, and a lot more.

Apple, after so many efforts to pin down the bug, released iOS 14.8, along with macOS, and watchOS updates. The notification urges the need to update iOS devices with these releases to avoid any cyberattack by this outrageous exploit.

What Updates Released By Apple?

– iOS 14.8, iPadOS 14.8, & macOS Big Sur 

#1 CoreGraphics

Targeted Devices: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, macOS Big Sur and iPod touch (7th generation)

Effect: Processing and diluting malicious files (PDF) that can execute an arbitrary code.

#2 WebKit

Targeted Devices: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, macOS Big Sur and iPod touch (7th generation)

Effect: Processing and diluting malicious files (PDF) that can execute an arbitrary code.

– WatchOS 7.6.2

#1 CoreGraphics

Targeted Devices: Apple Watch Series 3 and later

Effect: Processing and diluting malicious files (PDF) that can execute an arbitrary code.

When & How?

The discovery of a malicious bug – FORCEDENTRY made Apple Corp release several updates, including iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. The company says, “AWARE OF A REPORT THAT THIS ISSUE MAY HAVE BEEN ACTIVELY EXPLOITED.”

Worldwide popular security analysts from Citizen Lab reported several instances where the bug is exploited while using/running iOS 14.6 (announced in May). They accounted for the vulnerability, FORCEDENTRY, looked familiar or behaved like an exploit related to Pegasus spyware. Before, the fingers were pointed towards IDFA changes from Apple, but later the experts cleared the information.

The experts also mentioned that the bug finds the passage to enter the iOS devices through text messages when users use a function like GIFs in answer to a message received with a malicious file. It was quite challenging for the iOS app developers to find the exact behavior of the file, but somehow they pinned down the difficulties.

The experts from Citizen Lab discovered files from an activist’s iOS device by monitoring the backup files from it. The files actually turned out to be PSDs and PDFs, sent as a message through GIFs.

Why did Apple release iOS 14.8  just days before iOS 15?

Since the release date of iOS 15 is just a day away, you must be thinking – ‘Why this update now!’ But, the process of maintaining a secure roadmap for upcoming updates gets the major priority from the tech giant. Apple users (especially developers) must have been expecting this, quite a long time ago, but now they have been urged to do this.

Though iOS 15 beta 3 is out, the push of security updates from iOS 14 to iOS 15 was necessary, as they can’t keep user security at stake. The bug was a huge loophole as the malicious files are proactive towards sensitive data. So, they have to assure that this bug won’t proceed to another iOS upgrade straight away. If that happens, there will be a big blow on the company’s reputation.

This explains why the company is urging iOS users to install updates on their Apple devices just a day before the release of new iOS in the market. Everyone was eagerly waiting for the announcements since August, but this news has spread like wildfire especially among the development communities.

Final Crux

Every digital device user, whether it’s a smartphone or smartwatch, must be aware of the latest updates available for their OS. The big reason behind it is to keep their device bug-free and secure from malicious attacks, surrounding digital networks. That’s what Apple synced with and assured that users’ devices aren’t vulnerable to harmful security exploits.

Since the announcement of iOS 14 in the WWDC 2021 keynote, Apple has been monitoring the bugs proactively. Thankfully, they started to pin them down through recent updates while keeping worldwide Apple users aware of malicious encounters.

Tomorrow will be a big day for the Californian Tech Giant, with major announcements on the way. And the sudden updates brought the attention of millions of iOS users! Most people will think of it as a marketing strategy, but exploiting security vulnerabilities is no game for any tech firm.

Skip to toolbar