According to the motherboard, Apple has come up with a way to protect iOS from zero-click exploits. These vulnerabilities are the ones that allow a hacker to take control of an iPhone without the interaction of the victim. The change developed by Apple has quietly added iOS 14.5 beta, giving iPhone users another reason to look forward to the final version of the update. Some of the features of the next iOS building include one that allows a face mask with an iPhone user to lock the phone automatically if he is wearing an unlocked Apple Watch. The update adds new emoji and the app tracking transparency feature that prevents a user from being tracked by a third-party app, unless he decides to choose to be tracked.
Apple makes use of zero-click more difficult for hackers to use in the upcoming iOS 1
4.5 update coming this spring
According to a source who develops exploits for public customers, the changes made by Apple will “… definitely make 0-clicks more difficult. Sandbox also escapes. Significantly more difficult.” With zero-click attacks that take place without any action required by the phone owner, such attacks are generally more difficult for the target to detect and are more sophisticated. A feature of iOS called ISA pointers tells the operating system which code to use. According to Apple’s Platform Security Guide, Apple now uses cryptography to validate these pointers using Pointer Authentication Codes (or PAC). This is a new form of protection for Apple and prevents hackers from using malicious code in an attack. A member of the security company Zimperium, Adam Donenfeld, noticed the change earlier this month when he reverse engineered the iOS 14.5 beta.
Zero-click exploits will be harder to pull in iOS 14.5
Not only did Apple tell the motherboard that this change would help protect the iPhone from zero-click attacks, Donenfeld said in a chat that “Today, since the pointer is signed, it’s harder to destroy these pointers to manipulate objects in the system. These objects were most used in sandbox emissions and 0clicks. “And now the bad actors are the ones who are upset. An iOS security researcher, who asked for anonymity because he was not authorized to speak to the media, said many hackers are outraged “because some techniques are now irreparably lost.”
Only in December last year was an AirDrop exploitation with zero clicks discovered. AirDrop is a feature that allows iOS users to send and receive files from other nearby iOS devices. Discovered by Google’s Project Zero, the vulnerability was patched by Apple in iOS 13.5. It only required the attacker to be within Wi-Fi distance of the target device. It took the hackers six months to exploit this vulnerability, although hackers with better technology might have had it easier. In addition, no solid evidence was ever found to show that the hackers really exploited the AirDrop vulnerability. Zero-click exploits are scary because they not only trust the user of the targeted device to do something to trigger the hack, most of the time the winner has no idea that his phone is selected until it starts to look weird. things.
Zimperiums Donenfeld points out that hackers will look for new techniques to replace those that have been lost. In addition, he says that although zero-clicks are now more difficult to draw, they are not impossible to use for attacks. “This limitation in reality probably only increases the cost of 0 clicks, but a particular attacker with a lot of resources will still be able to pull it off,” noted Jamie Bishop, one of the developers of the popular Checkra1n jailbreak. Still, by making a zero-click attack harder to pull off, iPhone users will need to install iOS 14.5 as soon as the final public release becomes available this spring.