Using so-called zero-click attacks, attackers manage to take over iPhones and similar devices without the user having to do anything: it is enough, for example, to receive a manipulated message via iMessage or email. Such attacks have already occurred in the past, exploiting previously unknown security holes in the system. Apple now intends to make this type of attack more difficult and is taking new measures in iOS and iPadOS 14.5, as security experts have discovered.
Attacks without user intervention
The serious zero-click attacks on the iPhone have so far been directed against journalists and activists, presumably by state actors. Apple has already taken new measures against attacks on its messaging app, intended to isolate malicious code better from the rest of the system.
The company now wants to extend similar functions to the entire operating system, the IT blog Motherboard reports, citing experts.
Protection for ISA pointers too
The measures have already been implemented in the latest beta versions of iOS 14.5 and iPadOS 14.5, the report says, and are also expected to make it into the final release. Adam Donenfeld from the security company Zimperium discovered improvements related to the so-called Pointer Authentication Codes (PAC), which have actually been in use for several years.
These are intended to prevent pointers from being modified in order to inject malicious code via memory corruption. With operating system version 14.5, ISA pointers are now also cryptographically signed, which makes breakouts even harder. Researchers from Google’s Project Zero had previously criticized Apple for leaving this gap open.
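A toy model of what signing a pointer buys here, added as an illustration that is not part of the original article or of Apple’s implementation; the key constant, the addresses and the keyed mixer are constructed stand-ins for the real PAC hardware:

```c
/* Toy model of ARM Pointer Authentication (PAC) for an Objective-C style
 * "isa" pointer. Added illustration, not Apple's or ARM's code: real PAC
 * uses the QARMA cipher and a hardware key software cannot read; a keyed
 * 64-bit mixer stands in for it here. */
#include <stdint.h>
#define ADDR_MASK ((1ULL << 48) - 1)   /* low 48 bits carry the address */
#define PAC_MASK  (~ADDR_MASK)         /* top 16 bits carry the code    */
/* Constructed constant standing in for the per-process hardware key. */
static const uint64_t g_key = 0x9E3779B97F4A7C15ULL;
/* Keyed mixer (splitmix64-style finaliser) over key, address and context;
 * bit 63 is always set so that a never-signed value cannot authenticate. */
static uint64_t pac_compute(uint64_t addr, uint64_t context)
{
    uint64_t z = (addr ^ g_key) + context * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return ((z ^ (z >> 31)) & PAC_MASK) | (1ULL << 63);
}
/* Sign: fold the authentication code into the unused high pointer bits. */
uint64_t pac_sign(uint64_t addr, uint64_t context)
{
    addr &= ADDR_MASK;
    return addr | pac_compute(addr, context);
}

/* Authenticate: returns the plain address, or 0 on mismatch (real hardware
 * instead yields a poisoned pointer that faults when dereferenced). */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t context)
{
    uint64_t addr = signed_ptr & ADDR_MASK;
    return (signed_ptr & PAC_MASK) == pac_compute(addr, context) ? addr : 0;
}

/* The isa is signed with the object's own address as context, so a signed isa
 * lifted from another object, or a raw overwrite of the field by a memory
 * corruption bug, no longer verifies. All addresses below are constructed. */
struct obj { uint64_t isa; };

int isa_check_demo(void)
{
    const uint64_t cls_a = 0x100004000ULL, cls_b = 0x100008000ULL;
    const uint64_t obj_a = 0x7fee0000ULL, obj_b = 0x7fee0010ULL;
    struct obj a = { pac_sign(cls_a, obj_a) };
    struct obj b = { pac_sign(cls_b, obj_b) };
    int ok_valid = pac_auth(a.isa, obj_a) == cls_a; /* untouched: verifies    */
    int ok_moved = pac_auth(b.isa, obj_a) == 0;     /* b's isa copied into a  */
    a.isa = cls_b;                                  /* unsigned overwrite     */
    int ok_raw   = pac_auth(a.isa, obj_a) == 0;
    return ok_valid && ok_moved && ok_raw;
}
```

The 16-bit code is what makes guessing impractical without the key; the object address as context is what stops a validly signed isa from being reused on a different object.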
Zero-days lost forever?
According to Donenfeld, this makes it much more difficult to use ISA pointers to manipulate system objects. This makes zero-click attacks just as difficult as sandbox escapes, without which system takeovers are not possible. “[That will become] significantly more difficult,” said Donenfeld. Other security experts see it the same way; it is even possible that existing zero-day exploits, which government organizations or criminals have acquired for a lot of money, no longer work and that certain techniques are “lost forever”. It is entirely possible that new methods of carrying out zero-click attacks will be found.