Pegasus and BlastDoor are why you need to update your Apple devices immediately

The iPhone 13 may be ready to launch tomorrow, but Apple is working fast to patch a major vulnerability in its devices with a new update for iOS 14.8, iPadOS 14.8, and watchOS 7.6.2, none of which were given a beta test period first. While none contain major features as you might expect in advance of tomorrow’s “California Streaming” event, these are important security updates, as they contain fixes to two system vulnerabilities.

The potentially more serious one is Pegasus, which is an invasive spyware discovered by Israel’s NSO Group. This “zero-click” exploit requires no input from a phone’s user to take effect, and was being used specifically against activists in Bahrain, including members of the Bahrain Centre for Human Rights. By defeating Apple’s BlastDoor security system, the ForcedEntry exploit was able to install the Pegasus spyware suite for purposes of surveillance.

According to the New York Times, the spyware is capable of infecting a wide range of Apple devices. Once infected, it can turn on your device’s camera and microphone, record messages, and access texts, emails, and calls, even ones that are encrypted.

The second vulnerability allows attackers to get around BlastDoor, which was implemented in January in order to put a line of defense between the Messages app and the rest of iOS.

Messages have traditionally been the weakest link in iOS devices’ security, as Apple didn’t do a great job of sanitizing incoming data from other users; at its nadir, it was possible for a bad actor to take control of someone else’s iPhone by sending it a specific text message or photo. BlastDoor works by filtering out incoming bad code.

According to the official patch notes, the new updates affect CoreGraphics and WebKit, and fix issues that affect “processing maliciously crafted” PDFs and web content. These issues, according to Apple’s characteristically vague policies, “may have been actively exploited.”

This follows up on the story that spread in July and August regarding a new hack, called “ForcedEntry” by University of Toronto researchers at the Citizen Lab, that was able to defeat BlastDoor.

It’s significant here that Apple’s new update comes one day ahead of its “California Streaming” event unveiling the iPhone 13 and other devices, and just ahead of the expected release of iOS 15. Monday’s update could thus be the last one for iOS 14, and comes at a time when it would otherwise be easy to miss. It’s reflective of the importance of the update that Apple released it at all, rather than simply kicking the can down the road and letting it get fixed with the iOS 15 rollout.

All three updates are available over-the-air at the time of writing and replace iOS 14.7.1, iPadOS 14.7.1, and watchOS 7.6.1.

Thomas Hindmarch
Former Contributing writer