Apple today is rolling out iOS 14.8 for compatible iPhones. This is one of those unglamorous security updates that doesn't bring much on the surface but does actually fix some important security loopholes and it's imperative you install it at the earliest.
The iOS 14.8 update provides fixes for the CoreGraphics and WebKit vulnerabilities that Apple says may have been exploited.
iOS 14.8 is out, and it's security fixes, including one that was reported by @citizenlab — which said in August that it found zero-click NSO Group attacks on Bahraini activists using current iPhones https://t.co/3DxeKVtuLi pic.twitter.com/HVG6JbvyeE— kif (@kifleswing) September 13, 2021
The CoreGraphics vulnerability was first discovered by The Citizen Lab, who identified it as a zero-click iMessage exploit by the NSO Group, the company responsible for the infamous spyware Pegasus that was in news recently. The exploit is believed to have been used to target Bahrain activists by using Pegasus to hack them.
Considering the nature of the update, it's probably in everyone's best interests to install it ASAP. The update is available for all iPhone models including and newer than the iPhone 6s.
Moreover, the update is also available on iPads (Air 2 and newer), iPod touch, macOS Big Sur 11.6, macOS Catalina, and watchOS 7.6.2.