According to Motherboard, Apple has devised a way to protect iOS from the use of no clicks. These vulnerabilities are the ones that enable a hacker to take control of an iPhone without any interaction from the victim. The change developed by Apple has quietly added the iOS 14.5 beta, giving iPhone users another reason to look forward to the final version of the update. Some of the features available in the next iOS version include one that allows the face mask with an iPhone user to automatically unlock his phone while wearing an unlocked Apple Watch. The update adds new emoji and the app transparency feature, which prevents a user from being tracked by a third-party app unless he decides to join to be tracked.
Apple makes it harder for zero-click hackers to exploit in the upcoming iOS 14.5 update coming this spring
According to a source who develops best for government customers, the changes made by Apple will “… make 0-click definitely harder. Sandbox escapes too. Significantly more difficult.” Since zero-click attacks occur without any action from the phone owner, such attacks are generally more difficult to detect the target and are more sophisticated. An iOS feature called ISA Indicators tells the operating system which code to use. According to Apple’s Platform Security Guide, Apple now uses cryptography to validate these instructions using Pointer Authentication Codes (or PAC). This is a new form of protection for Apple and prevents hackers from using malicious code in an attack. A member of the security firm Zimperium, Adam Donenfeld, noticed the change earlier this month when he overturned the iOS 14.5 beta.
It’s harder to run zero click in iOS 14.5
Not only did Apple tell Motherboard that this change would help protect the iPhone from zero-click attacks, but Donenfeld said in an online chat: “Nowadays, since the pointer has been signed, it’s harder to corrupt these indicators. to manipulate objects in the system. These objects were mostly used in sandbox escapes and 0-clicks. “And now the bad actors are upset. An iOS security researcher, who requested anonymity because he was not authorized to speak to the media, said many hackers were upset “because some techniques are now irreparably lost.”
Just in December last year, a zero-click on AirDrop was discovered. AirDrop is a feature that allows iOS users to send and receive files from other nearby iOS devices. Discovered by Google’s Project Zero, Apple’s vulnerability was adjusted in iOS 13.5. It only required the attacker to be within Wi-Fi distance of the target device. It took the hackers six months to exploit this vulnerability, although hackers with better technology would have found it easier. In addition, no solid evidence has ever been found that the hackers did in fact exploit the AirDrop vulnerability. Zero-click exploitation is scary because not only do they trust the user of the targeted device to do something to offset the hack, but the win usually has no idea that his phone was selected before it started to get weird. things.
Donenfeld of Zimperium points out that hackers will be looking for new techniques to replace the lost ones. In addition, he says that even though it is now more difficult to achieve zero-click, it is not impossible to use for attacks. “This mitigation is in fact probably only increasing the cost of 0 clicks, but a determined attacker with a lot of resources will still be able to catch up,” remarked Jamie Bishop, who is one of the developers of the popular Checkra1n prison sentence. However, by making a zero-click attack more difficult, iPhone users will need to install iOS 14.5 once the final public release is available this spring.
