iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'
Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.
Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by Apple and is slated to be included in the final update.
Zero-click attacks allow hackers to break into a target without the need for victim interaction, such as clicking a malicious phishing link. Zero-click attacks are therefore considerably harder for targeted users to detect and are considered to be much more sophisticated.
Since 2018, Apple has used Pointer Authentication Codes (PAC) to prevent attackers from leveraging corrupted memory to inject malicious code. Cryptography is applied to authenticate pointers and validate them before they are used. ISA pointers instruct a program about what code it should use when it runs on iOS. By using cryptography to sign these pointers, Apple is now extending PAC protection to ISA pointers.
"Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and zero-clicks," security firm Zimperium's Adam Donenfeld told Motherboard. The change will "definitely make zero-clicks harder. Sandbox escapes too. Significantly harder." Sandboxes aim to isolate applications from each other to stop code from a program interacting with the wider operating system.
While zero-clicks will not be eradicated through this change, many of the exploits used by hackers and governmental organizations will now be "irretrievably lost." Hackers will now need to find new techniques to implement zero-click attacks on iPhone and iPad, but the security improvements to ISA pointers are likely to make a significant impact on the overall number of attacks on these devices.
Related Stories
macOS Big Sur 11.4, which was released this morning, addresses a zero-day vulnerability that could allow attackers to piggyback off of apps like Zoom, taking secret screenshots and surrepetiously recording the screen.
Jamf, a mobile device management company, today highlighted a security issue that allowed Privacy preferences to be bypassed, providing an attacker with Full Disk Access,...
Apple's recently released macOS Big Sur 11.4 update addresses a serious security vulnerability, so all users should complete the software update immediately.
Jamf, a mobile device management company, raised a major security issue in macOS Big Sur that allowed attackers to piggyback apps like Zoom to surreptitiously take screenshots and record the screen. The exploit allowed a user's Privacy...
Following the conclusion of today's keynote event that saw the unveiling of new versions of iOS, iPadOS, macOS, watchOS, and tvOS, Apple has made the first betas of iOS and iPadOS 15 available to developers for testing purposes. Registered developers can download the profile for the first iOS and iPadOS betas from the Apple Developer Center, and once the profile is installed, beta updates...
Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.
Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
However, ZDNe...
Apple today seeded the second betas of new iOS and iPadOS 14.7 updates to developers for testing purposes, one week after seeding the first iOS and iPadOS 14.7 updates.
iOS and iPadOS 14.7 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad.
The new iOS and iPadOS 14.7 updates may be focused on...
AirDrop is a feature that allows Apple devices to securely and conveniently transfer files, photos, and more between each other wirelessly. Users can share items with their own devices, friends, family, or even strangers. The convenience and ease of use, however, may be undermined by a newly discovered security flaw.
Researchers at TU Darmstadt have discovered that the process which AirDrop...
Apple today released iOS and iPadOS 14.5.1, minor security updates that come just a week after the release of the iOS 14.5 update. There is also a companion watchOS 7.4.1 update for Apple Watch and an iOS 12.5.3 update for older iPhone and iPad devices that don't support Apple's latest operating system versions.
According to Apple's release notes, the update fixes a bug with App Tracking...
A Florida teenager who was accused of being the "mastermind" behind a July 2020 Twitter hack that affected Apple has agreed to a plea deal that will see him spending three years in prison, according to the Tampa Bay Times.
Graham Ivan Clark, alongside others, compromised the Twitter accounts of 130 prominent companies and individuals to solicit Bitcoin, scamming people out of more than...
iOS 14 is now installed on 90 percent of iPhones that were introduced in the last four years, according to updated iOS 14 adoption rate numbers shared by Apple.
Eight percent of iPhones introduced in the last four years run iOS 13, while two percent continue to run an earlier version of iOS.
85 percent of all iPhones (including those older than four years) are running iOS 14, with eight...
Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the App Store review team.
There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the ...
Top Rated Comments