One of the most dangerous attack methods against the iPhone and iPad is a hack that involves no user error or activity at all. These so-called zero-click attacks are only possible by exploiting security flaws, but they are more common than most of us would like to imagine. Journalists and even Amazon boss Bezos have been apparent victims of such attacks.
That may sound alarming, but iPhone users can rest assured that Apple has been taking steps to make these attacks less likely. As Samuel Groß from Google Project Zero reports, the company introduced a number of related security technologies in
One gateway for zero-click attacks was opening messages in iMessage, but this is now protected by the new sandboxed BlastDoor service. As of iOS 14, BlastDoor parses “almost all” untrusted data in iMessage, Groß writes, and because the new service was written in Swift it is more resistant to the introduction of memory corruption vulnerabilities.
The system’s shared cache was also a weak point. This is now protected by an additional randomisation, which makes it more difficult for attacks to succeed.
Another new protective function is that some services in the system can no longer be restarted in quick succession. Deliberately caused crashes of these services could be used by hackers to attack address space layout randomisation, or ASLR. This ‘throttling’ hinders any attacks on ASLR.
The security researcher sees these new technologies very positively, as they show that Apple puts a lot of effort into protecting its users.
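The restart throttling described above can be modelled as a supervisor-side backoff policy. The following is an added example, not Apple's implementation and not code from the original article; the class name, the delay values and the 256-crash figure are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RestartThrottle:
    """Hypothetical supervisor policy: each crash doubles the restart delay, up to a cap."""
    base_delay: float = 10.0     # assumed first delay, seconds
    max_delay: float = 1200.0    # assumed cap, seconds
    quiet_reset: float = 3600.0  # assumed crash-free time that clears the penalty
    _streak: int = 0
    _last_crash: Optional[float] = None

    def on_crash(self, now: float) -> float:
        """Record a crash at time `now`; return seconds to wait before restarting."""
        if self._last_crash is not None and now - self._last_crash >= self.quiet_reset:
            self._streak = 0  # the service behaved for long enough, start over
        self._last_crash = now
        delay = min(self.base_delay * (2 ** self._streak), self.max_delay)
        self._streak += 1
        return delay


def seconds_for_crashes(crashes: int, throttle: Optional[RestartThrottle],
                        uptime: float = 1.0) -> float:
    """Wall-clock time for a service to be crashed `crashes` times in a row.

    Each crash is assumed to happen `uptime` seconds after the service starts.
    With throttle=None the service is restarted immediately every time.
    """
    now = 0.0
    for _ in range(crashes):
        now += uptime  # service runs, then crashes
        if throttle is not None:
            now += throttle.on_crash(now)  # supervisor holds back the restart
    return now


if __name__ == "__main__":
    # Constructed scenario: 256 repeated crashes of one service.
    for label, policy in (("no throttle", None), ("throttled", RestartThrottle())):
        total = seconds_for_crashes(256, policy)
        print(f"{label:12s} {total:10.0f} s  ({total / 86400:.2f} days)")
```

Under these assumed values the same run of crashes stretches from minutes to days, and the long gaps between restarts give crash monitoring far more time to notice the pattern.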
This article originally appeared on Macwelt. Translation by David Price.