Apple has released iOS 14.8, an urgent iPhone update that all users should install now.
iOS 14.8 is an important security only update for two vulnerabilities that Apple believes adversaries are already using to attack people’s iPhones.
The first security issue fixed in iOS 14.8 is a vulnerability in Apple’s CoreGraphics framework, where processing a maliciously crafted PDF may allow an attacker to execute code.
The second security hole fixed in iOS 14.8 is in the Apple WebKit browser engine, where processing malicious web content could allow an adversary to execute code.
Apple believes both vulnerabilities have been exploited by attackers, so it recommends you install iOS 14.8 now. The CoreGraphics PDF vulnerability is a zero click exploit reported by ethical hackers Citizen Lab. A zero click attack is very serious, because it requires no interaction from you to download malware onto your iPhone.
The NLG IT team will be automatically updating any applicable corporate owned devices as soon as possible but be sure to update your own personal devices!
For more information on the vulnerabilities from Apple and which products they affect, see https://support.apple.com/en-us/HT212807
To learn how to update your Apple devices, see https://support.apple.com/en-us/HT204204