Just a day before Apple’s September event, Apple has released the iOS 14.8, iPadOS 14.8, macOS 11.6, and WatchOS 7.6.2 security updates. While the updates list what might be just basic improvements to CoreGraphics and WebKit, it actually stops the devices from “Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” according to the security note. This code execution is what allows spyware to run on your devices.
The spyware, named Pegasus, from Israel’s NSO Group is able to infect Apple devices without victims’ knowledge. In a recent interview with the New York Times, Apple’s head of security engineering and architecture Ivan Krstić urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, MacOS 11.6, and WatchOS 7.6.2.
Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered an iPhone had been infected with the advanced form of spyware from NSO. One of the senior researchers, John Scott-Railton, also urged Apple customers to run their software updates immediately, “Do you own an Apple product? Update it today.”
You can find out more in Apple Issues Emergency Security Updates to Close a Spyware Flaw at the New York Times.