Ahead of its much-awaited iPhone launch event, Apple has deployed an important update for iOS and iPadOS users to patch a “zero-click” vulnerability that has been actively exploited by attackers. The Cupertino giant is currently rolling out the iOS 14.8 and iPadOS 14.8 update for users to keep them protected from malicious actors who can access user devices with a simple PDF file sent on iMessage.
The zero-click vulnerability was discovered by independent security researchers and let an attacker access a user’s data on an iPhone or iPad with a message on Apple’s iMessage platform. Moreover, the most dangerous thing about the vulnerability is that users do not even need to open a link or a file for the spyware to take control. A simple PDF file sent on iMessage is enough to let an attacker access user devices.
The malicious security flaw was recently highlighted by researchers at the University of Toronto’s Citizen Lab. The researchers apparently found evidence that the iMessage vulnerability was actively exploited to hack a Saudi activist’s iPhone. Furthermore, the researchers claimed that it is highly likely that the Israeli organization, NSO Group, the one which developed the much-controversial Pegasus software, was behind the attack.
Citing the report, Apple started to roll out the iOS 14.8 and iPadOS 14.8 update to compatible iPhones and iPads. The company announced the update in an official blog post recently, saying that it is aware of a report by The Citizen Lab that states that the zero-click vulnerability “may have been actively exploited.” As per Apple, the update addresses an integer overflow with improved input validation.
So, if you are an iPhone or iPad user, head to the Settings, check for an update, and install it right away to protect your device against any malicious attacks.