Skip to main content

Pegasus and BlastDoor are why you need to update your Apple devices immediately

The iPhone 13 may be ready to launch tomorrow, but Apple is working fast to patch a major vulnerability to its devices with a new update for iOS 14.8, iPad 14.8, and watchOS 7.6.2, none of which were given a beta test period first. While none contain major features as you might expect in advance of tomorrow’s “California Streaming” event, these are important security updates, as they contain fixes to two system vulnerabilities.

The potentially more serious one is Pegasus, which is an invasive spyware discovered by Israel’s NSO group. This “zero-click” exploit requires no input from a phone’s user to take effect, and was being used specifically against activists in Bahrain, including members of the Bahrain Centre for Human Rights. By defeating Apple’s BlastDoor security system, the ForcedEntry exploit was able to install the Pegasus spyware suite for purposes of surveillance.

According to the New York Times, the spyware is capable of infecting a wide range of Apple devices. Once infected, it can turn on your device’s camera and microphone, record messages, and access texts, emails, and calls, even ones that are encrypted.

Signal App
Signal

The second vulnerability allows attackers to get around BlastDoor, which was implemented in January in order to put a line of defense between the Messages app and the rest of iOS.

Messages have traditionally been the weakest link in iOS devices’ security, as Apple didn’t do a great job of sanitizing incoming data from other users; at its nadir, it was possible for a bad actor to take control of someone else’s iPhone by sending it a specific text message or photo. BlastDoor works by filtering out incoming bad code.

According to the official patch notes, the new updates affect CoreGraphics and WebKit, and fix issues that affect “processing maliciously crafted” PDFs and web content. These issues, according to Apple’s characteristically vague policies, “may have been actively exploited.”

This follows up on the story that spread in July and August regarding a new hack, which University of Toronto researchers at the Citizen Lab called “ForcedEntry,” which was able to defeat BlastDoor.

It’s significant here that Apple’s new update comes one day ahead of its “California Streaming” event unveiling the iPhone 13 and other devices, and just ahead of the expected release of iOS 15. Monday’s update could thus be the last one for iOS 14, and comes at a time when it would otherwise be easy to miss. It’s reflective of the importance of the update that Apple released it at all, rather than simply kicking the can down the road and letting it get fixed with the iOS 15 rollout.

All three updates are available over-the-air at the time of writing and replace iOS 14.7.1, iPadOS 14.7.1, and WatchOS 7.6.1.

Editors' Recommendations

Thomas Hindmarch
Contributing writer
Thomas Hindmarch is a freelance writer with 20 years' experience in the gaming and technology fields. He also writes for…
This is the Apple Watch Ultra 2, and it looks stunning
Apple Watch Ultra 2

Last year, the Apple Watch Ultra chiseled a new category of lifestyle products. While a segment of adventure-centered smartwatches already existed, the Apple Watch Ultra merged the gap between bulky, sometimes distastefully designed outdoorsy smartwatches and ones fitting every occasion.

Apple announced the Apple Watch Ultra 2, with some notable improvements over the first generation, at its big September 2023 event, alongside the iPhone 15 and the Apple Watch Series 9. It's not a particularly flashy or eye-catching upgrade, but it should be important nonetheless.
A faster (and smarter) S9 chip

Read more
The Apple Watch Series 9 is here, and it’s hiding a big upgrade
Apple Watch Series 9.

Apple's September 2023 event is proving to be a packed show, and among the announcements has been the Apple Watch Series 9.

The Apple Watch Series 9 might seem like an iterative upgrade compared to the Apple Watch Series 8, and in many regards, it is. We're looking at a very familiar design, similar health-tracking features, etc. But there is one big upgrade that makes the Apple Watch Series 9 more exciting than you might initially realize, even beside the much flashier Apple Watch Ultra 2.
There's a new S9 chip — and it's a big deal

Read more
How to watch Apple’s iPhone 15 event today: 5 easy ways
A screenshot of Apple event links from the Apple TV app on an iPhone

Apple's next press event is set to kick off today, Tuesday, September 12, beginning at 10:00 a.m. PT / 1:00 p.m. ET. The uniquely named "Wonderlust" event will almost certainly introduce the world to the iPhone 15 series and next-generation Apple Watches — including the Apple Watch Series 9 and Apple Watch Ultra 2. We could also see USB-C finally arriving on the Apple AirPods Pro.

Like last year's event, the iPhone 15 event will be streamed across various platforms, including Apple's website, on iPhone/iPad and Apple TV, X (formerly known as Twitter), and YouTube. Here's a look at how to stream the highly anticipated event as it happens later today.
How to watch the iPhone 15 event on your iPhone or iPad

Read more