iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'

Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.

14

Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by Apple and is slated to be included in the final update.

Zero-click attacks allow hackers to break into a target without the need for victim interaction, such as clicking a malicious phishing link. Zero-click attacks are therefore considerably harder for targeted users to detect and are considered to be much more sophisticated.

Since 2018, Apple has used Pointer Authentication Codes (PAC) to prevent attackers from leveraging corrupted memory to inject malicious code. Cryptography is applied to authenticate pointers and validate them before they are used. ISA pointers instruct a program about what code it should use when it runs on iOS. By using cryptography to sign these pointers, Apple is now extending PAC protection to ISA pointers.

"Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and zero-clicks," security firm Zimperium's Adam Donenfeld told Motherboard. The change will "definitely make zero-clicks harder. Sandbox escapes too. Significantly harder." Sandboxes aim to isolate applications from each other to stop code from a program interacting with the wider operating system.

While zero-clicks will not be eradicated through this change, many of the exploits used by hackers and governmental organizations will now be "irretrievably lost." Hackers will now need to find new techniques to implement zero-click attacks on iPhone and iPad, but the security improvements to ISA pointers are likely to make a significant impact on the overall number of attacks on these devices.

Top Rated Comments

Skika Avatar
16 months ago

if only they made zero-click Siri interactions easier
Why the negative/cynical spin on everything?
Score: 19 Votes (Like | Disagree)
_Spinn_ Avatar
16 months ago
More great security improvements. I'm glad Apple is keeping up these kinds of updates.
Score: 13 Votes (Like | Disagree)
macsplusmacs Avatar
16 months ago
always good to hear they are staying on top of things like this.
Score: 9 Votes (Like | Disagree)
farewelwilliams Avatar
16 months ago
if only they made zero-click Siri interactions easier
Score: 6 Votes (Like | Disagree)
I7guy Avatar
16 months ago
I like how Apple just does these stealth improvements and then wham, forces some big change somewhere.
Score: 4 Votes (Like | Disagree)
Apple_Robert Avatar
16 months ago

When do we expect it to release?
Whenever 14.5 is released.
Score: 3 Votes (Like | Disagree)

Related Stories

iOS 15

Apple Seeds Fifth Betas of iOS 15.4 and iPadOS 15.4 to Developers [Update: Public Beta Available]

Tuesday March 1, 2022 10:04 am PST by
Apple today seeded the fifth betas of upcoming iOS 15.4 and iPadOS 15.4 updates to developers for testing purposes, with the new software coming one week after Apple seeded the fourth betas of iOS 15.4 and iPadOS 15.4. Developers can download iOS 15.4 and iPadOS 15.4 through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. iOS...
iOS 14 vs 15 feature

Apple Says Option to Stay on iOS 14 Was Always Meant to Be Temporary

Wednesday January 19, 2022 9:57 am PST by
Last week, MacRumors shared news that Apple had stopped releasing iOS 14 security updates and was pushing those still on iOS 14 to upgrade to iOS 15, an apparent reversal of a promise to allow users to stay on the iOS 14 operating system. Apple today told Ars Technica that the option to stay on iOS 14 and avoid the iOS 15 upgrade was always meant to be temporary. It is not a mistake that...
apple bitcoin hack

22-Year-Old UK Citizen Arrested for 2020 Twitter Hack Affecting Apple

Wednesday July 21, 2021 10:47 am PDT by
The United States Justice Department has continued pursuing those responsible for a 2020 Twitter hack that saw the accounts of high-profile companies and individuals hacked as part of a Bitcoin scam. Several people have already been arrested and charged for the attack, and the DoJ today announced (via The Verge) that 22-year-old Joseph O'Connor, aka "PlugWalkJoe," has also been arrested....
iOS App Store General Feature JoeBlue

U.S. Bills Allowing Sideloading Would Cause Consumers to Be Hit With 'Malware, Ransomware, and Scams,' Says Apple

Tuesday January 18, 2022 11:42 am PST by
U.S. bills that would require major changes to the App Store would ultimately cause consumers to be targeted with malware, ransomware, and scams, Apple's Senior Director of Government Affairs Timothy Powderly said in a letter that was sent today to the Senate Judiciary Committee and that was obtained by MacRumors. Apple sent the letter as the Judiciary Committee prepares to consider the Amer...
iOS App Store General Feature Orange

Apple Seeds Second Betas of iOS 15.4 and iPadOS 15.4 to Developers

Tuesday February 8, 2022 10:04 am PST by
Apple today seeded the second betas of upcoming iOS 15.4 and iPadOS 15.4 updates to developers for testing purposes, with the new software coming two weeks after Apple seeded the first betas of iOS 15.4 and iPadOS 15.4. Developers can download iOS 15.4 and iPadOS 15.4 through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. Apple...
appleprivacyad cleaned

iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

Thursday January 20, 2022 3:32 am PST by
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update. With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
powerdir exploit microsoft

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Monday January 10, 2022 9:17 am PST by
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
tmobilelogo

T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

Wednesday December 29, 2021 10:15 am PST by
Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident. Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to...

Popular Stories

apple ar headset concept 1

Apple's Headset Said to Feature 14 Cameras Enabling Lifelike Avatars, Jony Ive Has Remained Involved With Design

Friday May 20, 2022 6:50 am PDT by
Earlier this week, The Information's Wayne Ma outlined struggles that Apple has faced during the development of its long-rumored AR/VR headset. Now, in a follow-up report, he has shared several additional details about the wearable device. Apple headset render created by Ian Zelbo based on The Information reporting For starters, one of the headset's marquee features is said to be lifelike...
anker 563 dock ports

Anker's Latest USB-C Docking Station Brings Triple-Display Support to M1 Macs

Wednesday May 18, 2022 7:06 am PDT by
While Apple's early M1-based Macs can only officially support a single external display, there are ways around the limitation. Anker is launching a new 10-in-1 USB-C docking station today which delivers just that. The Anker 563 USB-C dock includes two HDMI ports and a DisplayPort port, and it leverages DisplayLink to carry multiple video signals over a single connection. Given that this hub...
apple data auction iphone privacy ad

Apple Highlights iPhone's Latest Privacy Features in New 'Data Auction' Ad

Wednesday May 18, 2022 9:00 am PDT by
Apple today shared a new ad highlighting iPhone privacy features like App Tracking Transparency and Mail Privacy Protection that are designed to give users more transparency and control when it comes to their personal data being collected. The ad revolves around a young woman named Ellie who discovers that her personal data is being sold at an auction house, with bids being placed on her...
Prosser Series 8 3

Apple Watch Series 8 Rumored to Feature New Design With Flat Display

Wednesday May 18, 2022 6:21 am PDT by
The Apple Watch Series 8 could feature an all-new design with a flat display, according to the leaker known as "ShrimpApplePro." In his latest video on the YouTube channel Front Page Tech, Jon Prosser highlighted information from ShrimpApplePro that suggests the Apple Watch Series 8 could feature a flat display in what seems to be a design originally rumored for the Apple Watch Series 7. ...
sony headphones 1

Sony's New WH-1000XM5 Headphones vs. Apple's AirPods Max

Friday May 20, 2022 12:18 pm PDT by
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max. Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...
iPhone 14 Purple Lineup Feature

Will the iPhone 14 Be a Disappointment?

Saturday May 21, 2022 9:00 am PDT by
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13. The iPhone 14 Pro and iPhone 14 Pro Max are expected...
apple ar headset concept 2

Apple's AR/VR Headset Nearing Completion as Board Gets Demo

Thursday May 19, 2022 9:52 am PDT by
Apple last week demonstrated its upcoming AR/VR headset to Apple board members, indicating that the device is in an advanced stage of development and could see a debut in the not too distant future, reports Bloomberg. Apple has also ramped up development of the software that runs on the headset, with that software expected to be called "RealityOS," or rOS for short. Render via designer Ian ...