Apple released an update for iOS and iPadOS 14.7 that contains a number of improvements, t
including fixing security vulnerabilities for WiFi connections on its devices.
In the list of security fixes for iOS 14.7, one of the things patched is a loophole that can turn off WiFi connections when connected to a WiFi network with a specific SSID name.
Although seemingly trivial, this security vulnerability is quite serious as repairs sometimes require a 'factory reset'
Previously this fix was included by Apple in the iOS 14.7 beta, but is now available for all devices that support iOS and iPadOS 14.7. In addition, Apple also includes fixes for loopholes that could previously be exploited for denial of service attacks or arbitrary code execution.
Improvements in these software updates also occur at the kernel, ImageIO, WebKit, and other levels. Therefore, users of devices that support iOS as well as iPadOS 14.7 are advised to update the OS as soon as possible.
Apple has indeed fixed the WiFi security vulnerability through iOS 14.7, but they didn’t mention the security vulnerabilities that were recently exploited by the well-known spyware created by NSO, namely Pegasus.
However, perhaps this loophole has not been patched because the loophole itself has just been revealed, namely in a large -scale investigation that found the use of Pegasus to spy on tens of thousands of personal cell phones suspected of being targeted by NSO Group customers or governments who already own Pegasus. One of them includes the French president, Emanuel Macron.
Of the many Pegasus -infected phones, many are iPhones. Quoted from Phone Arena, Pegasus can infect an iPhone without the user clicking anything.
“The recent‘ zero click ’attack has been seen exploiting a fully patched iPhone 12 running iOS 14.6 in July 2021,” Amnesty International said.
All important data can be transported by Pegasus including email, text messages, user location to gain access to the microphone and camera. Apple was asked to act to secure the iPhone from this Pegasus attack.
Tags
GADGET