The 'important' iOS 14.8 update was released on Monday (13 September), just days before the expected rollout of iOS 15.
A message from Apple told its iPhone customers: "This update provides important security updates and is recommended for all users."
It comes after independent researchers warned of a software exploit, which could affect users even if they do not open a link or file.
According to Forbes, the first security issue fixed in iOS 14.8 is a 'vulnerability in Apple's CoreGraphics framework, where processing a maliciously crafted PDF may allow an attacker to execute code'.
The second is in the Apple WebKit browser engine, where 'processing malicious web content could allow an adversary to execute code'.
Researchers at the University of Toronto's Citizen Lab said the exploit had been in use since February and was being used to deploy Pegasus, the spyware made by Israeli firm NSO Group - which 7News reports was allegedly being used to watch journalists and human rights advocates in various countries.
Citizen Lab said they found malicious image files being shared via iMessage to phones, which were then hacked by the Pegasus spyware. They warned that the CoreGraphics PDF vulnerability is a zero-click issue, which is especially serious because it requires no interaction from the device's user to download malware onto the phone.
On the Apple Support site, a rundown of the update's changes for the CoreGraphics framework explains: "Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
"Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
"Description: An integer overflow was addressed with improved input validation."
Of the changes for the WebKit browser engine, it adds: "Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
"Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
"Description: A use after free issue was addressed with improved memory management."
Apple security chief Ivan Krstic issued a statement saying that 'after identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users'.
In a statement to LADbible, NSO Group said: "NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime."