Apple has released iOS 14.8, an urgent iPhone update that all users should install now. That’s because it comes with a warning—iOS 14.8 is an important security only upgrade for two vulnerabilities that Apple believes adversaries are already using to attack people’s iPhones.

The first security issue fixed in iOS 14.8 is a vulnerability in Apple’s CoreGraphics framework, where processing a maliciously crafted PDF may allow an attacker to execute code.

The second security hole fixed in iOS 14.8 is in the Apple WebKit browser engine, where processing malicious web content could allow an adversary to execute code.

Apple believes both vulnerabilities have been exploited by attackers, so it recommends you install iOS 14.8 now. The CoreGraphics PDF vulnerability is a zero click exploit reported by ethical hackers Citizen Lab. It would therefore be safe to assume iOS 14.8 patches the issue associated with the Pegasus spyware, says Sean Wright, SME security lead at Immersive Labs.

A zero click attack is very serious, because it requires no interaction from you to download malware onto your iPhone. Apple also released watchOS 7.6.2 to patch the zero click vulnerability.

Wright says both this and the WebKit vulnerability fixed in iOS 14.8 should be on people’s radars. “The fact there’s reason to believe that these are being actively exploited means you should update as soon as possible,” he advises.

The iOS 14.8 upgrade is one of many iPhone security updates issued by Apple this year, multiple of which had also been exploited by attackers.

Originally posted on Forbes

Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, Cyber Security, IT Service, IT Security MAC repair, PC Repair, Virus Removal, and much more. Give us a call for remote support or drop in to drop off.