Whil’e operating system updates are always fun to have for the new features, many times they’re necessary to fix a security flaw. This is the case with iOS 14.8. Despite it being just one day before the expected announcement of iOS 15, Apple released an emergency software patch to fix a security flaw.
iOS Zero-Click Security Flaw Recognized
Citizen Lab, a cyberattack research group, called out an Israeli cybersecurity firm, NSO Group, as being behind an exploit of an Apple software vulnerability since February 2021. This exploit quietly infects iPhones and other devices using iMessage to send text messages.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Apple in a statement.
“We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop the fix quickly.”
The exploit is described as a “zero-day” attack. This is a term applied when a user doesn’t need to interact with an exploit for it to infect their device. “They would see nothing,” said Citizen Lab researcher John Scott-Railton.
With iMessage appearing on all Apple devices, it means all iPhones, iPads, Apple Watches, and Mac computers have the potential to be infected. However, Apple also said these types of cyberattacks “are not a threat to the overwhelming majority of our users.”
After being called out by Citizen Lab as being behind the exploit, an NSO Group spokesman said the firm “will continue to provide intelligence and law enforcement agencies around the world with lifesaving technologies to fight terror and crime.”
In March, Citizen Lab began uncovering the exploit, finding that the Pegasus software had infected a Saudi activist’s phone. Last week, Citizen’s Lab found a copy of the cyberattack’s code. It was exploiting an Apple image processing software bug, according to Scott-Ralton. Files labeled as GIFs were really infecting the device and were linked to NSO Group.
Apple Releases Emergency Security Patch
On September 13, Apple released an emergency security patch to handle the NSO Group’s cyberattack. “People should update their devices immediately,” said Scott-Railton.
iPhone and iPad users should update to iOS 14.8 and iPadOS 14.8 by going to “Settings -> General -> Software Update,” then tapping “Download.” Mac users should go to System Preferences and update to Big Sur 11.6. All Watch users can update via the connected iPhones by going to “Apple Watch app -> General -> Software Update.”
These software updates were pushed through just one day before Apple was expected to announce release dates for iOS 15, iPadOS 15, Watch OS 8, and macOS Monterey. That shows how important the emergency software patch is to protect against this exploit.
Find out more about the new Apple software releases from our coverage of Apple’s initial announcement. Read on to find out how the work-from-home trend has led to more cyberattacks and fake collaboration apps.