Man restarting Apple iPhoneApple has released iOS 14.8, an urgent update that all users should quickly install. It comes with a warning about security vulnerabilities that Apple believes adversaries are already using to attack people's phones. The first security issue fixed in iOS 14.8 is a vulnerability in Apple's CoreGraphics framework, where processing a maliciously crafted PDF may allow an attack to execute code. The second security fixed is in the Apple WebKit browser engine, where processing malicious web content could allow an adversary to execute code.

Apple believes that both of these vulnerabilities have been exploited thus far, and recommends you install iOS 14.8 now. The CoreGraphics PDF vulnerability is a zero click exploit reported by ethical hackers Citizen Lab. A zero click attack is very serious, because it requires no interaction from you to download malware unto your iPhone. Apple also released watchOS 7.6.2 to patch the vulnerability. It would be safe to assume iOS 14.8 patches the same issue associated with the Pegasus spyware, says Sean Wright, SME security lead at Immersive Labs. Wright says both the zero click exploit and the Webkit vulnerability fixed in iOS 14.8 should be on people's radars. "The fact there's reason to believe that these are being actively exploited means you should update as soon as possible," he advises.

The iOS 14.8 upgrade is one of many iPhone security updates issued by Apple this year, multiple of which had also been exploited by attackers.