Apple today
released a set of
urgent security updates for iOS, watchOS, macOS, and Safari for Mac. The updates fix a previously-unknown zero-day security flaw that enabled "arbitrary code execution" when viewing a maliciously crafted PDF file, which could be transmitted by visiting a web page and/or receiving an iMessage. All versions of iOS prior to today's 14.8 update are vulnerable.
The Citizen Lab, which found the issue and reported it to Apple, claims the exploit is already in use in the wild. It was used to silently install NSO Group's Pegasus spyware on the iPhone of a Saudi activist. All users of Apple devices should install the updates immediately.