With iOS 15 set to launch in the near future, Apple’s work on iOS 14 is winding down, but Apple in mid-September released a new update to iOS, iOS 14.8.
There are no new outward-facing changes in iOS 14.8, and no feature additions, but the update does address two security vulnerabilities so it’s worth installing as soon as you can. Details on the vulnerability fixes are below.
If an iOS device opened up a maliciously crafted PDF, it could be allowed to execute code, impacting iOS devices. Apple says that this issue may have been actively exploited.
To address the bug, Apple has fixed an integer overflow issue with improved input validation.
The Citizen Lab is credited with finding the CoreGraphics bug, which was disclosed to Apple in early September and which Apple scrambled to fix in a week. The exploit was able to bypass Apple’s BlastDoor protections designed to prevent such attacks against iMessage.
With the WebKit vulnerability, processing maliciously crafted web content could lead to arbitrary code execution and issues for iOS devices.
Apple says that the vulnerability may have been used in the wild, and a use after free issue was addressed with improved memory management to fix the bug.
Future iOS 14 Updates
Apple plans to continue to provide security updates for iOS 14 going forward because users can choose to stay on iOS 14 instead of upgrading to iOS 15.
All iOS 14 updates will be minor security updates, though, and new features will only come in iOS 15.