Various exploit developers tell Motherboard that Apple has made a change to the code of iOS 14.5 that adds an extra layer of protection. The upcoming change in iOS would make zero-click exploits harder to achieve.
Recently, Apple seeded iOS 14.5 beta 2. The update brings features like new Apple Music gestures, a fix for the green tint issue, and 200+ new emojis. More importantly, the iOS 14.5 update will include the ATT privacy feature that will replace the currently used IDFA tracking system. The ATT feature is designed to give users more control by letting them allow or opt out of app tracking across websites and apps to protect their data and privacy. Therefore, it can be assumed that in the next update’s code, the company is also releasing a stronger layer of protection against hacking to protect users.
Apple adds a new layer of security that will prevent zero-click exploits
Using zero-click attacks, hackers can access a person’s iPhone without the end user performing any action. It is quite difficult for OEMs to add sophisticated software that protects operating systems against these attacks since they are hard to identify. Vice reports that:
The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release. Several security researchers who specialize in finding vulnerabilities in and crafting exploits for iOS believe this new mitigation will make it much harder for hackers to take control of an iPhone with a technique known as a zero-click (or 0-click) exploit, which allows a hacker to take over an iPhone with no interaction from the target. Apple also told Motherboard it believes the changes will impact 0-click attacks.
A security researcher, Adam Donenfeld, said that he saw these changes when he “reverse-engineered the iOS 14.5 beta version.” Zero-click attacks are deployed by abusing unsigned pointers in data. Another security researcher from CENSUS said that the new beta has potentially “raised the bar.” The new iOS beta has signed that part, which makes it ‘harder to corrupt these pointers to manipulate objects in the system.’
A source who develops exploits for government customers told Motherboard, “it will definitely make zero-clicks harder. Sandbox escapes too. Significantly harder.” Sandboxes isolate applications from each other in an effort to prevent code from one program from interacting with the wider operating system.