iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'

Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.


Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by Apple and is slated to be included in the final update.

Zero-click attacks allow hackers to break into a target without the need for victim interaction, such as clicking a malicious phishing link. Zero-click attacks are therefore considerably harder for targeted users to detect and are considered to be much more sophisticated.

Since 2018, Apple has used Pointer Authentication Codes (PAC) to prevent attackers from leveraging corrupted memory to inject malicious code. Cryptography is applied to authenticate pointers and validate them before they are used. ISA pointers instruct a program about what code it should use when it runs on iOS. By using cryptography to sign these pointers, Apple is now extending PAC protection to ISA pointers.
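The sign-then-validate idea described above, applied to an object's class (ISA) pointer, as an added C model that is not Apple's code and not part of the original article. The 48-bit address width, the 16-bit tag, the toy keyed mixer, the use of the object's own address as signing context, and every `model_*` and `object_*` name are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

#define ADDR_BITS 48
#define ADDR_MASK ((UINT64_C(1) << ADDR_BITS) - 1)

/* Constructed key for the model. With hardware PAC the key is held by the
   CPU and cannot be read by the process that uses the pointers. */
static const uint64_t MODEL_KEY = UINT64_C(0x9e3779b97f4a7c15);

/* Toy keyed mixer standing in for the real MAC; NOT cryptographically secure. */
static uint16_t model_mac(uint64_t addr, uint64_t context) {
    uint64_t x = (addr ^ MODEL_KEY) + context * UINT64_C(0xbf58476d1ce4e5b9);
    x ^= x >> 30; x *= UINT64_C(0xbf58476d1ce4e5b9);
    x ^= x >> 27; x *= UINT64_C(0x94d049bb133111eb);
    x ^= x >> 31;
    return (uint16_t)(x >> 48);
}

/* Sign: store the tag in the unused upper 16 bits of the 64-bit pointer. */
uint64_t model_sign(uint64_t addr, uint64_t context) {
    addr &= ADDR_MASK;
    return addr | ((uint64_t)model_mac(addr, context) << ADDR_BITS);
}

/* Authenticate: recompute the tag; return 1 and the bare address only on match. */
int model_auth(uint64_t signed_ptr, uint64_t context, uint64_t *addr_out) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    if ((uint16_t)(signed_ptr >> ADDR_BITS) != model_mac(addr, context)) return 0;
    *addr_out = addr;
    return 1;
}

typedef struct { const char *name; } model_class;
typedef struct { uint64_t isa; } model_object;   /* isa = signed class pointer */

/* Assumption of this model: the object's own address is the signing context,
   so a signed isa copied from another object is not expected to validate here. */
void object_set_class(model_object *obj, const model_class *cls) {
    obj->isa = model_sign((uint64_t)(uintptr_t)cls, (uint64_t)(uintptr_t)obj);
}

/* Every use of isa goes through authentication; NULL means "refuse to dispatch". */
const model_class *object_get_class(const model_object *obj) {
    uint64_t addr;
    if (!model_auth(obj->isa, (uint64_t)(uintptr_t)obj, &addr)) return NULL;
    return (const model_class *)(uintptr_t)addr;
}
```

A memory-corruption bug that overwrites `isa` without knowing the key leaves a tag that no longer matches, so the class lookup fails closed instead of handing back an attacker-chosen class.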

"Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and zero-clicks," security firm Zimperium's Adam Donenfeld told Motherboard. The change will "definitely make zero-clicks harder. Sandbox escapes too. Significantly harder." Sandboxes aim to isolate applications from each other, to stop code in one program from interacting with the wider operating system.

While zero-clicks will not be eradicated through this change, many of the exploits used by hackers and governmental organizations will now be "irretrievably lost." Hackers will now need to find new techniques to implement zero-click attacks on iPhone and iPad, but the security improvements to ISA pointers are likely to make a significant impact on the overall number of attacks on these devices.


Top Rated Comments

Skika
22 weeks ago

if only they made zero-click Siri interactions easier
Why the negative/cynical spin on everything?
Score: 19 Votes

_Spinn_
22 weeks ago
More great security improvements. I'm glad Apple is keeping up these kinds of updates.
Score: 13 Votes

macsplusmacs
22 weeks ago
always good to hear they are staying on top of things like this.
Score: 9 Votes

farewelwilliams
22 weeks ago
if only they made zero-click Siri interactions easier
Score: 6 Votes

I7guy
22 weeks ago
I like how Apple just does these stealth improvements and then wham, forces some big change somewhere.
Score: 4 Votes

Apple_Robert
22 weeks ago

When do we expect it to release?
Whenever 14.5 is released.
Score: 3 Votes
