Apple Inc. has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6 OTA Update. All these updates address two critical security vulnerabilities that threat actors may have been actively exploiting in the wild.
New Over The Air (OTA) update is available for Apple Inc. iPhone, iPad, Apple Watch, MacBook, and Mac Mini PCs. The update is rather minor but very important as it plugs the CoreGraphics and WebKit security vulnerabilities.
Apple Inc. sends out updates to nearly all its devices because the critical security vulnerability could be actively exploited:
Apple Inc. has confirmed that iOS 14.8 and iPadOS 14.8 both address CoreGraphics and WebKit vulnerabilities. The company further indicated that threat actors may have been actively exploiting these loopholes in the wild.
— AppleInsider (@appleinsider) September 13, 2021
The CoreGraphics vulnerability reportedly offers a zero-click iPhone attack that defeated Apple’s Blastdoor protections. Technical jargon aside, this bug could allow a maliciously crafted PDF to lead to arbitrary code execution.
— Engadget (@engadget) September 13, 2021
Similarly, the WebKit vulnerability could allow maliciously crafted web content, execute code. Hence, several security experts are strongly urging Apple-branded device users to obtain and install the OTA update.
To install the update, go to Settings > General > Software Update and download it from there. A similar procedure applies to the iPhone, iPad, Apple Watch, MacBook, and Mac Mini.
Apple Inc. releases 8th major OTA update for the iOS and iPadOS 14 within a span of a single year:
The iOS 14 has received eight major updates since September 2020. This makes the operating system quite different from the previous iterations for a very different and concerning reason.
— MacRumors.com (@MacRumors) September 13, 2021
However, for the past year, Apple Inc. has been sending quite a few security updates. These updates actively fix security loopholes or system vulnerabilities.
#New: Apple has issued an emergency software update – it’s on your iPhone now, called iOS 14.8 – after a flaw was found that lets invasive spyware infect anyone’s iPhone without you knowing.
The fix takes minutes. pic.twitter.com/JthX7k1D5T
— scott budman (@scottbudman) September 13, 2021
Given the increasing popularity of Apple-branded devices, Apple Inc. may have to actively plug a lot more newly discovered, and possibly actively exploited, security loopholes.
Do you own an iPhone? Go update it right now. I'll wait here. iOS 14.8 includes a fix for an NSO zero-click exploit found on a Saudi activist's phone. https://t.co/qbIJQLTwm2
— Eva (@evacide) September 13, 2021
From the consumer’s perspective, installing an update from Apple Inc. may become even more critical. In other words, do not delay addressing nor dismiss the OTA Update or its notification.