iOS 14.8 and other emergency Apple software updates block invasive spyware

Update your iPhones, Apple Watches, and Macs now to block this zero-click exploit.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A day beforeAppleis expected to releaseiOS 15and other new software versions alongside theiPhone 13launch, the company releasediOS 14.8as an emergency update to fix an exploit that allowed spyware reportedly like that used by the Israel-based NSO Group to infect iPhones, Apple Watches, and Mac computers without users needing to click on anything.

The exploit is serious enough for Apple to have been sprinting to fix it since the company was alerted to it last Tuesday by Canadian cybersecurity firm Citizen Lab, per theNew York Times. In addition to iOS 14.8, Apple released iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6, which users are advised to download immediately. It’s unclear if the exploit affects beta versions of upcoming software like iOS 15 (we’ve reached out to Apple to confirm).

The spyware, called Pegasus, quietly downloaded PDF files (intentionally mislabeled as .gif images) to users’ devices without their permission – and unlike other malicious code, without needing users to click on suspicious links or manually download files. Thus, this type of ‘zero click’ exploit is even more dangerous, potentially existing on devices for months without the owners noticing.

Once the PDFs got on a device, Pegasus could activate cameras and microphones, record messages and other communications (even if encrypted) and forward that info back to the cybersurveillance firm NSO Group – and conceivably, its clients.

Apple credited Citizen Lab for alerting the company to the issue:

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,”  Ivan Krstić, head of Apple Security Engineering and Architecture, told TechRadar over email. “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Analysis: Update iOS 14? In our moment of iOS 15 triumph?

If anything sells the importance of the iOS 14.8 update, it’s that Apple chose to rush it out ahead of iOS 15, which we’re expecting to arrive on September 14 or shortly thereafter following the iPhone 13 launch. Given that every phone running iOS 14 (iPhone 6S and newer) will be able to download the new iOS 15, it’s telling that Apple pulled out the stops to make it available – and didn’t even beta test it, per9to5Mac.

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.

To be clear, the iOS 14.8 update is undoubtedly much smaller than iOS 15, and the same is true for the minor updates coming to iPadOS, watchOS, and macOS – so hopefully that makes it easier for folks to swallow.

As previously mentioned, it’s unclear if this exploit worked on iOS 15 public beta and other early versions of other device software; since we haven’t seen similar spyware-blocking updates for the iOS 15 and iPadOS 15 betas, we’d guess not. But Apple is getting wise to this type of exploit: the company confirmed to the New York Times that it’s adding spyware barriers to its next iOS 15 update later this year.

David is now a mobile reporter at Cnet. Formerly Mobile Editor, US for TechRadar, he covered phones, tablets, and wearables. He still thinks the iPhone 4 is the best-looking smartphone ever made. He’s most interested in technology, gaming and culture – and where they overlap and change our lives. His current beat explores how our on-the-go existence is affected by new gadgets, carrier coverage expansions, and corporate strategy shifts.

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success

iOS 18.2 could add Battery Intelligence to your iPhone, letting you know how long it will take to charge

Scotland vs South Africa live stream: how to watch 2024 rugby union Autumn International online from anywhere