Apple will launch the new iPhone 13 lineup today at an online event. Traditionally, it is also the day when the latest iOS version — iOS 15 in this case — is also rolled out to all iPhone users. While it’s not clear if Apple will do that today but it has rolled out an important security update to iOS 14 users.
In a support document released by Apple, the company said that the update — iOS 14.8 — fixes security vulnerabilities that “may have been actively exploited in the wild.”
The update comes after Citizen Lab, a security research firm, had pointed out certain vulnerabilities that put iPhones at ‘risk’. Apple acknowledged Citizen Lab for pointing out the security flaw. According to a 9to5Mac report, Apple has also issued a statement on the matter. Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement, “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”
Krstić further said that attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” he added.
iOS 14.8 update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple has also mentioned the impact of the vulnerability and stated, “Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”