Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,280
33,555


Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.

14.5-on-iPhone-12-feature-2-1.jpg


Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by Apple and is slated to be included in the final update.

Zero-click attacks allow hackers to break into a target without the need for victim interaction, such as clicking a malicious phishing link. Zero-click attacks are therefore considerably harder for targeted users to detect and are considered to be much more sophisticated.

Since 2018, Apple has used Pointer Authentication Codes (PAC) to prevent attackers from leveraging corrupted memory to inject malicious code. Cryptography is applied to authenticate pointers and validate them before they are used. ISA pointers instruct a program about what code it should use when it runs on iOS. By using cryptography to sign these pointers, Apple is now extending PAC protection to ISA pointers.

"Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and zero-clicks," security firm Zimperium's Adam Donenfeld told Motherboard. The change will "definitely make zero-clicks harder. Sandbox escapes too. Significantly harder." Sandboxes aim to isolate applications from each other to stop code from a program interacting with the wider operating system.

While zero-clicks will not be eradicated through this change, many of the exploits used by hackers and governmental organizations will now be "irretrievably lost." Hackers will now need to find new techniques to implement zero-click attacks on iPhone and iPad, but the security improvements to ISA pointers are likely to make a significant impact on the overall number of attacks on these devices.

Article Link: iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'
 

acblue94

macrumors 6502a
Jul 26, 2011
549
969
New York, NY.


Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.

14.5-on-iPhone-12-feature-2-1.jpg


Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by Apple and is slated to be included in the final update.

Zero-click attacks allow hackers to break into a target without the need for victim interaction, such as clicking a malicious phishing link. Zero-click attacks are therefore considerably harder for targeted users to detect and are considered to be much more sophisticated.

Since 2018, Apple has used Pointer Authentication Codes (PAC) to prevent attackers from leveraging corrupted memory to inject malicious code. Cryptography is applied to authenticate pointers and validate them before they are used. ISA pointers instruct a program about what code it should use when it runs on iOS. By using cryptography to sign these pointers, Apple is now extending PAC protection to ISA pointers.

"Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and zero-clicks," security firm Zimperium's Adam Donenfeld told Motherboard. The change will "definitely make zero-clicks harder. Sandbox escapes too. Significantly harder." Sandboxes aim to isolate applications from each other to stop code from a program interacting with the wider operating system.

While zero-clicks will not be eradicated through this change, many of the exploits used by hackers and governmental organizations will now be "irretrievably lost." Hackers will now need to find new techniques to implement zero-click attacks on iPhone and iPad, but the security improvements to ISA pointers are likely to make a significant impact on the overall number of attacks on these devices.

Article Link: iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'
How about fix HomeKit. My custom wallpapers continue to reset and default back to the green wallpaper.
 
  • Sad
Reactions: Babygotfont

Realityck

macrumors G4
Nov 9, 2015
11,134
16,855
Silicon Valley, CA
Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.

While zero-clicks will not be eradicated through this change, many of the exploits used by hackers and governmental organizations will now be "irretrievably lost." Hackers will now need to find new techniques to implement zero-click attacks on iPhone and iPad, but the security improvements to ISA pointers are likely to make a significant impact on the overall number of attacks on these devices.
Good for Apple improving iOS and iPadOS security. ?
 
  • Disagree
Reactions: Babygotfont

BWhaler

macrumors 68040
Jan 8, 2003
3,789
6,249
I’ve said it before, and I’ll say it again, 14.5 is looking to be epic.

I hope Apple is pounding out bugs and optimizing behinds the scenes too.
 
  • Disagree
Reactions: Babygotfont

hatchettjack

macrumors 6502a
Oct 1, 2020
509
371
I was very tempted. However, I think in another month, 14.5 will be released. I wouldn't want to risk messing up my watch without being able to downgrade. If I did the beta for the phone, I would want to get the features on the watch as well.
I’ve got the watch beta too! It works amazing as well
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.