Apple is doing its best to stay a step ahead of the hackers. It’s a constant game with all players continually working on it. But Apple just pulled ahead. It made a change to a beta version of iOS 14.5 that will make zero-click attacks less successful.
iOS 14.5 Update Security Change
Multiple security researchers specializing in iOS vulnerabilities believe this new update to iOS 14.5 will make it much more difficult for hackers to utilize zero-click attacks on iPhones. These attacks allow hackers to take control with no interaction on the part of the user. Without that interaction, it makes them harder to detect. Apple said it believes its iOS update will impact the zero-click attacks game.
“It will definitely make zero-clicks harder. Sandbox escapes, too. Significantly harder,” explained a source who develops exploits for the government when speaking to Motherboard.
Apple’s update will utilize sandboxes. These isolate apps, trying to stop the code of an app from affecting the operating system.
The iOS 14.5 update utilizes a 2018 technology: pointer authentication codes (PAC). These protect iPhone users from exploits that add malicious code by preventing hackers from getting access to corrupted memory.
Cryptography authenticates the pointers, validating them before they’re used. iOS code includes ISA pointers that tell a program what code to use. By using cryptography, Apple granted PAC protections to ISA pointers.
“Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and zero-clicks,” explained Adam Donenfeld of the security firm Zimperium. He added that he noticed the iOS 14.5 change when he reverse-engineered the beta update.
While saying that Apple believes the change will make zero-click attacks more difficult, a company representative also noted the iPhone’s security will depend on multiple mitigations being dialed up at once.
Moving Forward
An iOS security researcher said this update has iPhone hackers worried “because some techniques are now irretrievably lost.”
“Ir raised the bar,” agreed Patrokios Argyroudis, a specialist in unknown vulnerabilities of security firm CENSUS.
Donenfeld noted that this change does not make attacks impossible, but “it certainly will have an impact.”
“When there’s a will, there’s a way,” added jailbreak Checkra1n developer Jamie Bishop. “There’s always going to be bugs of some sort, whether that be in PAC or whether it be a completely different exploitation strategy. This mitigation in reality probably just raises the cost of zero-clicks, but a determined attacker with a lot of resources would still be able to pull it off.”
For sure, this isn’t going to force hackers to throw in the towel. They will just go back to the drawing board. They’ll eventually find a new way to affect iPhones, meaning Apple’s security team will need to go back to the drawing board as well.
And this is how Apple retains its users. The Apple faithful know that Apple will keep fighting to protect them and their devices. But it appears it’s also what makes attackers want to really stick it to the company.
And while it’s working on deploying this iOS fix, Apple is also dealing with an issue of third-party iOS apps crashing after syncing with M1 Macs as well as M1 Macs getting hit by the Silver Sparrow malware. The hackers are still hard at work.
