Apple’s upcoming iPhone and iPad updates – iOS 14.5 and iPadOS 14.5 respectively – will make zero-click attacks significantly more difficult by expanding PAC security measures.
In the latest betas of iOS 14.5 and iPadOS 14.5, Apple has changed the way it secures its code to make zero-click attacks much more difficult, Motherboard reported. The change, discovered by security researchers, has now been confirmed by Apple and will be included in the final update.
Thanks to iOS 14.5: Zero-click attacks have a harder time
Zero-click attacks allow hackers to break into a target without requiring any interaction from the victim, such as clicking on a malicious phishing link. Zero-click attacks are therefore much harder for the target to detect and are considered much more sophisticated. Since 2018, Apple has used Pointer Authentication Codes (PAC) to prevent attackers from using corrupted memory to inject malicious code. PAC uses cryptography to authenticate and validate pointers before they are used. Apple is now extending PAC protection to ISA pointers, which tell a program what code to use when running on iOS, by cryptographically signing these pointers as well. Adam Donenfeld of security firm Zimperium explains to Motherboard:
Hackers will now have to find new techniques
"Since the pointer is now signed, it is harder to corrupt them to manipulate objects in the system. These objects were used primarily in sandbox escapes and zero-clicks. The change will definitely make zero-clicks more difficult - sandbox escapes too."
Sandboxes aim to isolate applications from each other to prevent a program's code from interacting with the wider operating system. While zero-clicks will not be eradicated by this change, many of the exploits used by hackers and government organizations will now be "irretrievably lost." That means hackers will now have to find new techniques to implement zero-click attacks on iPhone and iPad devices. But the security improvements to the ISA pointers will likely have a significant impact on the overall number of attacks.
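To make the sign-then-authenticate idea behind PAC concrete, here is a toy model in C, added as an illustration and not Apple's implementation or code from the article. The 16-bit code, the use of the slot address as signing context, the `perm16` stand-in for the hardware cipher, and all keys and addresses are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model. Assumed for this example, not Apple's layout: 48 address bits,
   a 16-bit code in the top bits, slot address used as the signing context. */
#define ADDR_MASK 0x0000FFFFFFFFFFFFULL
static const uint16_t K1 = 0x5A17, K2 = 0xC3D9;  /* constructed demo keys */

/* Keyed bijection on 16 bits. Stand-in for the hardware cipher, NOT secure. */
static uint16_t perm16(uint16_t v, uint16_t k) {
    v ^= k;
    v = (uint16_t)(v * 0x9E37u);   /* odd multiplier: invertible mod 2^16 */
    return (uint16_t)(v ^ (v >> 7));
}

static uint16_t fold(uint64_t x) { return (uint16_t)(x ^ (x >> 16) ^ (x >> 32)); }

static uint16_t toy_pac(uint64_t addr, uint64_t ctx) {
    return (uint16_t)(perm16((uint16_t)addr, K1) ^ perm16((uint16_t)ctx, K2)
                      ^ fold(addr >> 16) ^ fold(ctx >> 16));
}

/* Sign: store the code in the unused top bits of the pointer. */
uint64_t pac_sign(uint64_t addr, uint64_t ctx) {
    addr &= ADDR_MASK;
    return addr | ((uint64_t)toy_pac(addr, ctx) << 48);
}

/* Authenticate before use: the plain address, or 0 when the code is wrong. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t ctx) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    return (uint16_t)(signed_ptr >> 48) == toy_pac(addr, ctx) ? addr : 0;
}

/* Constructed addresses: two classes and two object slots holding an isa. */
static const uint64_t CLASS_A = 0x100004000ULL, OTHER_CLASS = 0x100007730ULL;
static const uint64_t SLOT_1 = 0x16FDFF0A0ULL, SLOT_2 = 0x16FDFF0B0ULL;

/* Memory corruption swaps the address bits but cannot recompute the code. */
uint64_t corrupt_isa(uint64_t signed_isa, uint64_t new_addr) {
    return (signed_isa & ~ADDR_MASK) | (new_addr & ADDR_MASK);
}

int main(void) {
    uint64_t isa = pac_sign(CLASS_A, SLOT_1);
    printf("intact isa:       %#llx\n", (unsigned long long)pac_auth(isa, SLOT_1));
    printf("overwritten isa:  %#llx\n", (unsigned long long)pac_auth(corrupt_isa(isa, OTHER_CLASS), SLOT_1));
    printf("replayed, slot 2: %#llx\n", (unsigned long long)pac_auth(isa, SLOT_2));
    return 0;
}
```

In this model the intact pointer authenticates to its class address, while the overwritten pointer and the pointer copied into a different slot both fail the check and return 0.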