Two major security vulnerabilities are why you need to update your Apple devices immediately.<\/b>
\nThe iPhone 13 may be ready to launch tomorrow, but Apple is working fast to patch a major vulnerability to its devices with a new update for iOS 14.8, iPad 14.8, and watchOS 7.6.2, none of which were given a beta test period first. While none contain major features as you might expect in advance of tomorrow\u2019s \u201cCalifornia Streaming\u201d event, these are important security updates, as they contain fixes to two system vulnerabilities. The potentially more serious one is Pegasus, which is an invasive spyware discovered by Israel\u2019s NSO group. This \u201czero-click\u201d exploit requires no input from a phone\u2019s user to take effect, and was being used specifically against activists in Bahrain, including members of the Bahrain Centre for Human Rights. By defeating Apple\u2019s BlastDoor security system, the ForcedEntry exploit was able to install the Pegasus spyware suite for purposes of surveillance. According to the New York Times, the spyware is capable of infecting a wide range of Apple devices. Once infected, it can turn on your device\u2019s camera and microphone, record messages, and access texts, emails, and calls, even ones that are encrypted. The second vulnerability allows attackers to get around BlastDoor, which was implemented in January in order to put a line of defense between the Messages app and the rest of iOS. Messages have traditionally been the weakest link in iOS devices\u2019 security, as Apple didn\u2019t do a great job of sanitizing incoming data from other users; at its nadir, it was possible for a bad actor to take control of someone else\u2019s iPhone by sending it a specific text message or photo. BlastDoor works by filtering out incoming bad code. According to the official patch notes, the new updates affect CoreGraphics and WebKit, and fix issues that affect \u201cprocessing maliciously crafted\u201d PDFs and web content. These issues, according to Apple\u2019s characteristically vague policies, \u201cmay have been actively exploited.\u201d This follows up on the story that spread in July and August regarding a new hack, which University of Toronto researchers at the Citizen Lab called \u201cForcedEntry,\u201d which was able to defeat BlastDoor. It\u2019s significant here that Apple\u2019s new update comes one day ahead of its \u201cCalifornia Streaming\u201d event unveiling the iPhone 13 and other devices, and just ahead of the expected release of iOS 15. Monday\u2019s update could thus be the last one for iOS 14, and comes at a time when it would otherwise be easy to miss. It\u2019s reflective of the importance of the update that Apple released it at all, rather than simply kicking the can down the road and letting it get fixed with the iOS 15 rollout. All three updates are available over-the-air at the time of writing and replace iOS 14.7.1, iPadOS 14.7.1, and WatchOS 7.6.1.<\/p>\n