On August 24, Citizen Lab researchers discovered that Pegasus, the dreaded spy malware from Israeli company NSO Group, was exploiting an unknown vulnerability in iMessage. Three weeks later, Apple has finally fixed the situation by releasing a security patch through iOS 14.8 and iPadOS 14.8. Of course, if you have an iPhone or iPad, our recommendation is that you update your device as soon as possible.
Although at first it was believed that iOS 14.8 was a minor update for the launch of iOS 15, from The Washington Post they collect that andl patch came by surprise precisely to address the vulnerability. In fact, on Apple’s support website it is already possible to find the security improvements of this version. Of course, nowhere does he mention the failure of iMessage.
According to the document, a vulnerability is related to CoreGraphics, the tool that allows you to render 2D graphics on iOS. Apparently, it was possible to use a malicious PDF file to bypass the security system and do arbitrary code execution. “Apple is aware of a report that indicates that this problem may have been actively exploited,” the company mentions. Referring, of course, to the Citizen Lab research.
The second vulnerability was present in WebKit, the web rendering engine. In this case, attackers could rely on “maliciously crafted web content” to cause arbitrary code execution. Again, Apple notes that it is aware of the report that exposed the failure. Following the release of iOS 14.8 and iPadOS 14.8, Apple strengthens BlastDoor, a complex security system whose objective is to defend the device from possible attacks through iMessage.
BlastDoor is hardened with iOS 14.8
Why is iMessage often targeted by attackers or Pegasus? Through this application it is possible to share different types of content such as images, videos and files, for example. Then, the chances of finding bugs that are exploited with malicious files are increased. The most recent vulnerability, as previously explained, was exploited with an infected PDF and web content. The role of BlastDoor is to process the content that is sent and received in the app within a secure and isolated environment, thus preventing a possible malware from being transferred to the operating system.