Toggle Dark Mode
Only a week after releasing iOS 14.7, Apple has now pushed out iOS 14.7.1 to fix the glitch that many users were experiencing with unlocking their Apple Watch from their iPhone, and provided some new security patches as well.
The Apple Watch problem was a bit obscure, as it only affected unlocking the wearable with Touch ID on an iPhone. Everything worked just fine with more modern Face ID-equipped devices — which is probably why Apple missed it in the first place.
Of course, since iOS 14 can still run on devices all the way back to the iPhone 6s, that still includes many users who would have experienced this problem.
It wasn’t a serious issue, to be fair, as you could still unlock your Apple Watch the old-fashioned way — by tapping in your passcode directly on the watch — but it was still a bit annoying for those who were used to the convenience of putting their Apple Watch on in the morning and having everything just work as soon as they checked something on their iPhone.
An Important Security Fix
Last week’s iOS 14.7 release was already chock-full of security fixes, addressing dozens of vulnerabilities in prior versions of iOS 14 that had been brought to Apple’s attention by various security researchers.
While that was a longer list than usual, however, the good news is that there was no indication that any of those exploits had actually been used for nefarious purposes — they were all discovered by ethical security researchers before any malicious hackers got their hands on them.
However, it appears that iOS 14.7.1 closes one more hole — and it’s a big one, as Apple says that it’s likely been actively exploited.
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.Apple
While the exact nature of the exploit isn’t entirely clear from Apple’s release notes, The Register has laid out some evidence that it’s likely intended to block NSO Group’s Pegasus spyware.
The Pegasus Project
Pegasus is a digital surveillance tool that’s been developed for several years by Israeli firm NSO Group that’s ostensibly intended to combat terrorism. It’s seemingly a noble goal, but as Apple CEO Tim Cook has pointed out in the past, every security exploit has a potential dark side, since it’s impossible to guarantee that these tools won’t fall into the wrong hands.
According to a forensic investigation by Amnesty International, that’s precisely what’s happened with Pegasus, which has reportedly been used to target and spy on dozens of “human rights defenders (HRDs) and journalists around the world.”
As usual, Apple doesn’t say who was behind the exploit — or even who reported the possibility of an active export to Apple. Further, The Register didn’t get a response when asked whether this was related to Pegasus.
However, as The Register points out, some proof-of-concept exploit code was posted to Twitter shortly after Apple’s iOS 14.7.1 security bulletin was published, and it’s related to the IOMobileFrameBuffer that’s believed to be used by Pegasus.
That said, problems in IOMobileFrameBuffer aren’t exactly new, and Apple has clearly been playing cat and mouse with hackers over this particular piece of code for years.
Still, the fact that we know that Pegasus is most definitely an “active exploit,” it’s fair to say that if Apple has closed this hole at all, it’s probably only been done as of this latest iOS 14.7.1 release. Even though iOS 14.7 had a much longer list of security fixes, Apple was not aware of any of those having been actively exploited.
Should You Be Concerned?
Pegasus is a targeted attack, and most users don’t lead interesting enough lives to be concerned about falling victim to the kind of organizations that would point industrial-grade spyware in their direction.
However, the most important thing to keep in mind is that we do not know for certain that the “actively exploited” flaw Apple mentions is referring specifically to Pegasus. This means that there could be another unknown flaw that’s actively being used more broadly against iOS 14.7 users.
Hence, while there’s no reason to become paranoid about these kinds of flaws, it’s always a very good idea to keep your iPhone updated to the latest version of iOS.
We know many folks are still hesitant to install new updates for fear of encountering bugs. However, the risks from hackers and malware are too serious to ignore—and potentially much more dangerous than the potential for small bugs that usually amount to little more than minor inconveniences.