I’ll update this story if and when they respond. I have asked Apple, and the iPhone maker hasn’t got back to me yet. Apple may not have given all the details of vulnerabilities patched in iOS 14.8 or, Apple could be about to release another security patch in addition to 14.8. The Pegasus vulnerability would fit in this bracket, as would some of the WebKit issues. One explanation for the additional fixes in iOS 15 could be that Apple is patching only critical security issues in iOS 14.8, such as those already being exploited in the wild. Meanwhile, both iOS updates patch three FontParser vulnerabilities where processing a maliciously crafted dfont file may lead to arbitrary code execution, plus one CVE in Kernal and another in Preferences. Another security issue patched in both iOS 14.8 and iOS 15 is in libexpat, which could allow an attacker to perform denial of service attacks, CVE-2013-0340. Nine of the 22 issues patched in iOS 14.8 appear in iOS 15 too: three of the WebKit vulnerabilities reported by Google-CVE-2021-30846, CVE-2021-30848 and CVE-2021-30849. However, the iOS 15 security update patches 22 vulnerabilities, and iOS 14.8 patched 14 -and there is no iOS 14.8.1 upgrade option for users on older operating systems. When Apple released iOS 14.8 last week patching issues including the flaw exploited by the Pegasus spyware, it seemed we were seeing this new iOS 15 feature in action.