Skip to main content

Pegasus and BlastDoor are why you need to update your Apple devices immediately

The iPhone 13 may be ready to launch tomorrow, but Apple is working fast to patch a major vulnerability to its devices with a new update for iOS 14.8, iPad 14.8, and watchOS 7.6.2, none of which were given a beta test period first. While none contain major features as you might expect in advance of tomorrow’s “California Streaming” event, these are important security updates, as they contain fixes to two system vulnerabilities.

The potentially more serious one is Pegasus, which is an invasive spyware discovered by Israel’s NSO group. This “zero-click” exploit requires no input from a phone’s user to take effect, and was being used specifically against activists in Bahrain, including members of the Bahrain Centre for Human Rights. By defeating Apple’s BlastDoor security system, the ForcedEntry exploit was able to install the Pegasus spyware suite for purposes of surveillance.

Related Videos

According to the New York Times, the spyware is capable of infecting a wide range of Apple devices. Once infected, it can turn on your device’s camera and microphone, record messages, and access texts, emails, and calls, even ones that are encrypted.

Signal App
Signal

The second vulnerability allows attackers to get around BlastDoor, which was implemented in January in order to put a line of defense between the Messages app and the rest of iOS.

Messages have traditionally been the weakest link in iOS devices’ security, as Apple didn’t do a great job of sanitizing incoming data from other users; at its nadir, it was possible for a bad actor to take control of someone else’s iPhone by sending it a specific text message or photo. BlastDoor works by filtering out incoming bad code.

According to the official patch notes, the new updates affect CoreGraphics and WebKit, and fix issues that affect “processing maliciously crafted” PDFs and web content. These issues, according to Apple’s characteristically vague policies, “may have been actively exploited.”

This follows up on the story that spread in July and August regarding a new hack, which University of Toronto researchers at the Citizen Lab called “ForcedEntry,” which was able to defeat BlastDoor.

It’s significant here that Apple’s new update comes one day ahead of its “California Streaming” event unveiling the iPhone 13 and other devices, and just ahead of the expected release of iOS 15. Monday’s update could thus be the last one for iOS 14, and comes at a time when it would otherwise be easy to miss. It’s reflective of the importance of the update that Apple released it at all, rather than simply kicking the can down the road and letting it get fixed with the iOS 15 rollout.

All three updates are available over-the-air at the time of writing and replace iOS 14.7.1, iPadOS 14.7.1, and WatchOS 7.6.1.

Editors' Recommendations

Forget Verizon and AT&T — why you should build your own cell network
5G logo on the Motorola Edge (2022).

Experts say that making your own cell network is easier than you think and could give you more privacy than commercial providers. And, it's something you may want to actually consider using.

The company Ukama is launching a crowdfunding campaign that’s intended to let you be your own cell carrier. It plans to sell various pieces of equipment that will allow you to build your own network.

Read more
Are Apple AirPods waterproof? Everything you need to know
AirPods 3 on an athlete.

Whether you’re thinking about AirPods as a gift or a wireless earbud upgrade for yourself, it’s important to think about how they’ll be used so you can determine if they can stand what you're going to throw at them. For example, wearing a pair of AirPods in the rain or while sweating during a workout might not be a good idea, as early AirPods, AirPods Max, and AirPods Pro 2 models all have different levels of water resistance. So if you want to avoid damage, you should know what to watch for.

Let’s break down how waterproof each AirPods model is and what their water-resistance ratings mean for your daily activities.

Read more
Apple’s iPhone 14 Plus has a pricing problem bigger than it is
iPhone 14 and iPhone 14 Plus.

Apple's iPhone 14 Plus isn't going to set any sales records, at least according to early analysis. In fact, the 14 Plus is trailing the iPhone 13 Mini when it comes to forecasted sales. It's a shocking outcome for what was expected to be a commercial hit for the tech giant.

"The iPhone 14 and 14 Plus will be in stock on launch day, reflecting sluggish demand. For now, the pre-order results for the iPhone 14 and 14 Plus are worse than those for the iPhone SE 3 and iPhone 13 mini (both SE 3 and 13 mini were cut off in 1H22)," analyst Ming-Chi Kuo said, "The iPhone 14 Plus is a replacement for the iPhone 13 mini. However, the pre-order results for this new product were significantly lower than expected, which means that Apple's product segmentation strategy for standard models this year has failed."

Read more