Apple is about to unveil the iPhone 13 during its media event on September 14. It will also release iOS 15 shortly after. As is customary with iPhone ads, the next-gen version of iOS will be available on older iPhone models, starting with the iPhone 6s. But Apple surprised iPhone users on Monday with an unexpected update to iOS 14.8 that was rolled out directly to all supported devices, bypassing beta testing. Apple explained that iOS 14.8 “provides important security updates and is recommended for all users.” It turns out that iOS 14.8 fixes a critical zero-day attack that is part of NSO’s infamous Pegasus family, and you should update your iPhone as soon as possible.
Today’s best offer Amazon just launched a new sell-off – check out the best deals right here! Price:Check out today’s deals! Available on Amazon, BGR may receive a commission Available on Amazon BGR can receive a commission
Pegasus cheats targeting iPhones
Security and privacy have been core features of Apple products for years. The company has always explained why it believes that security and privacy are essential features of iPhone and Mac, turning them into marketing weapons as well. This did not stop security researchers from looking for weaknesses that they could exploit to hack iPhone and Mac devices. If anything, Apple’s increased focus on data security made searching for iOS exploits a very lucrative business.
Earlier this year, Pegasus hacks made headlines. The reports explained that the Israeli group NSO developed the Pegasus cheats for law enforcement agencies. The company developed the tools to allow governments to spy on targets using Apple devices such as iPhones and Macs. Pegasus’ sophisticated attacks also avoid detection. They help attackers spy on a target and only need one message to be deployed.
IOS version 14.8 is a security update that addresses a Pegasus vulnerability. While Apple did not name the exploit in its documentation, the company confirmed to The Washington Post that the release of iOS 14.8 is in response to the newly discovered Pegasus hack.
Separately, Citizen Lab researchers posted a blog post on Monday explaining a new trick called FORCEDENTRY. The researchers explained that iOS 14.8 fixes the vulnerability, ensuring that attackers cannot spy on targets using this Pegasus attack.
What the iOS 14.8 update does to protect your iPhone
Ivan Krstic, Apple’s head of security engineering and architecture, thanked Citizen Lab for finding the exploit in the wild.
“After identifying the vulnerability used by this exploit for iMessage, Apple quickly developed and implemented a solution,” said Krstic. The charge. “Attacks such as those described are highly sophisticated, cost millions of dollars to develop, often have a short lifespan, and are used to target specific individuals. While that means they are not a threat to the vast majority of our users, we continue to work tirelessly to defend all of our customers and are constantly adding new protections for their devices and data. “
Citizen Lab found the FORCEDENTRY attack in March 2021 while examining the phone of an anonymous Saudi activist. They found that the attackers sent 28 copies of an identical GIF file to the target. However, that wasn’t really a GIF, but a 748-byte Adobe PSD file.
The attackers sent the files through iMessage, which allowed them to access the phone. The victim did not even have to touch anything to allow exploitation. Once malicious code is executed, it can send information remotely to attackers. This includes camera and microphone recordings, location data, messages, call logs, and emails.
Citizen Lab determined that the technology was similar to Pegasus. Therefore, this was probably the work of the NSO Group. The security company sent the findings to Apple on September 7. Apple then released the iOS 14.8 fixes about a week later.
It’s not just the iPhone
Citizen Labs said The charge that the company would not have discovered FORCEDENTERÍA if it had not been used against someone in nature.
NSO Group did not address the new findings or the iOS 14.8 update. The Israeli company said The charge that it will “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to combat terrorism and crime.” Despite NSO’s claims, previous reports found that some entities had used the iPhone to hack Pegasus software to target dissidents, journalists, and activists.
In addition to updating your iPhone to iOS 14.8, you must also install the latest iPadOS 14.8 update on the iPad. Also, be sure to get the macOS 11.6 and watchOS 7.6.2 security updates that Apple released on Monday. These software versions also patch the same Pegasus threat.