iOS 14.8, watchOS 7.6.2 and macOS 11.6 fix a serious security vulnerability
Apple has just begun rolling out the iOS 14.8, watchOS 7.6.2, and macOS 11.6 updates to all compatible devices. These updates fix several security vulnerabilities, including a serious flaw exploited by the Pegasus spyware. Through this flaw, an attacker is able to take control of an iPhone or a Mac via the iMessage application.
On September 13, 2021, Apple began rolling out iOS 14.8, iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6 to all compatible devices. On its support page, the Cupertino giant states that two security vulnerabilities have been fixed by these updates.
The first flaw allowed “malicious web content” to execute arbitrary code on a user’s device. Apple explains that the flaw “may have been actively exploited” by attackers. In order to protect users, the company does not say more about how the vulnerability works.
Apple fixes a security flaw exploited by the Pegasus malware
The second fixed security flaw has been exploited by Pegasus, the dreaded spyware developed by NSO, since February 2021. “Processing a maliciously crafted PDF may lead to arbitrary code execution”, details Apple. This vulnerability, called FORCEDENTRY by the experts at The Citizen Lab, makes it possible to compromise an iPhone by sending it a malicious PDF document via iMessage, the instant messaging service on Apple devices.
This PDF is able to install Pegasus on an iPhone without the user’s knowledge. According to The Citizen Lab, which spotted the vulnerability last month, the flaw was used to break into the smartphones of activists from Bahrain (Saudi Arabia) last March. The Pegasus malware is heavily used by authoritarian governments.
This is a zero-click attack. This type of attack does not require the user to click on the PDF document. The Israeli firm NSO managed to circumvent Apple’s security measures to deploy Pegasus with complete discretion. In any case, the vulnerability has been fixed in the latest version of iOS 14. We advise you to install it quickly on your iPhone.