Skip to main content

Pegasus and BlastDoor are why you need to update your Apple devices immediately

The iPhone 13 may be ready to launch tomorrow, but Apple is working fast to patch a major vulnerability to its devices with a new update for iOS 14.8, iPad 14.8, and watchOS 7.6.2, none of which were given a beta test period first. While none contain major features as you might expect in advance of tomorrow’s “California Streaming” event, these are important security updates, as they contain fixes to two system vulnerabilities.

The potentially more serious one is Pegasus, which is an invasive spyware discovered by Israel’s NSO group. This “zero-click” exploit requires no input from a phone’s user to take effect, and was being used specifically against activists in Bahrain, including members of the Bahrain Centre for Human Rights. By defeating Apple’s BlastDoor security system, the ForcedEntry exploit was able to install the Pegasus spyware suite for purposes of surveillance.

According to the New York Times, the spyware is capable of infecting a wide range of Apple devices. Once infected, it can turn on your device’s camera and microphone, record messages, and access texts, emails, and calls, even ones that are encrypted.

Signal App
Signal

The second vulnerability allows attackers to get around BlastDoor, which was implemented in January in order to put a line of defense between the Messages app and the rest of iOS.

Messages have traditionally been the weakest link in iOS devices’ security, as Apple didn’t do a great job of sanitizing incoming data from other users; at its nadir, it was possible for a bad actor to take control of someone else’s iPhone by sending it a specific text message or photo. BlastDoor works by filtering out incoming bad code.

According to the official patch notes, the new updates affect CoreGraphics and WebKit, and fix issues that affect “processing maliciously crafted” PDFs and web content. These issues, according to Apple’s characteristically vague policies, “may have been actively exploited.”

This follows up on the story that spread in July and August regarding a new hack, which University of Toronto researchers at the Citizen Lab called “ForcedEntry,” which was able to defeat BlastDoor.

It’s significant here that Apple’s new update comes one day ahead of its “California Streaming” event unveiling the iPhone 13 and other devices, and just ahead of the expected release of iOS 15. Monday’s update could thus be the last one for iOS 14, and comes at a time when it would otherwise be easy to miss. It’s reflective of the importance of the update that Apple released it at all, rather than simply kicking the can down the road and letting it get fixed with the iOS 15 rollout.

All three updates are available over-the-air at the time of writing and replace iOS 14.7.1, iPadOS 14.7.1, and WatchOS 7.6.1.

Thomas Hindmarch
Thomas Hindmarch is a freelance writer with 20 years' experience in the gaming and technology fields. He has previously…
Everything Apple didn’t announce at its iPhone 15 event
Apple's September 2023 event Tim Cook

Yesterday's iPhone 15 event revolved solely around the iPhone 15/iPhone 15 Plus, iPhone 15 Pro/Pro Max, and Apple Watch Series 9 (along with Apple Watch Ultra 2). As a result, no new iPads, Macs, or audio products were announced. This news isn't surprising, and the omissions suggest another Apple event may occur before the year's end, although this has yet to be confirmed and may not happen for a few weeks.

There are a lot of would-be Apple products that could make appearances in the coming weeks or months — but weren't shown at today's event.
New iPads

Read more
Apple totally wasted the iPhone 15’s biggest design change
Colors of iPhone 15 Pro.

The Apple iPhone 15, regardless of which model you buy, has a USB-C connector and not the old Lightning cable connector on the bottom.

This huge design change could have brought with it a truly new and exciting feature to the latest iPhone. But it’s as dreary and uninteresting as you’d expect a new cable and port to be, and that makes it a truly wasted opportunity.
What did we want?
The OnePlus 11 fast charging using USB C. Andy Boxall / Digital Trends

Read more
Apple’s new Lightning to USB-C adapter costs more than just buying a USB-C cable
Apple Store listing for an Apple Lightning to USB-C adapter cable.

I don't think the iPhone 15's transition to USB-C is going to be all that painful. Yes, the Lightning plug has found its way to every corner of the world, and you're just as likely to find one to charge up your phone as you are any other cable when you're desperate for some juice, but we can't discount just how many USB-C chargers, cables, and accessories there are out in the world already. This is going to go just fine.

But you can always count on Apple to take advantage of switching standards with some hilariously priced -- and borderline pointless -- adapters to ease the transition for people who don't know any better but to click a few extra buttons and purchase official accessories when they're buying their latest device. Enter Apple's USB-C to Lightning adapter, which is conveniently already available on the Apple Store.

Read more