In the past year, several attacks on iPhone users have been discovered with an alarming feature in common: they did not require any interaction from the victim. For example, it could be enough to receive an SMS and suddenly
the phone is hacked.
That kind of attack, however, will be much more difficult to implement following the iOS 14.5 software update, reports
Motherboard. Apple’s developers have extended the scope of a security function called Pointer Authentication Codes (PAC) so that it applies to a category that was previously unprotected.
Under the new system, cryptographic signatures are used to ensure that code in the memory has not been manipulated, and to highlight fake versions of various functions.
Several anonymous hackers Motherboard has spoken to say the change will have a major effect on the development of this kind of zero-click attacks.
“It will definitely make 0-clicks harder,” said one. “Sandbox escapes too. Significantly harder.”
iOS 14.5 is currently in
beta testing. The update is packed with
important tweaks and new features, and is expected to launch to the public around the end of February or early in March.
UPDATE: It seems that iOS 14.5 may also introduce a means by which users can choose to install a security update without also having to update the operating system. This would work much like on a Mac where free-standing security updates are sometimes released that do nothing but block security flaws. More here:
Next iOS update to separate security updates.
For general advice read our
iPhone security tips.
This article originally appeared on
Macworld Sweden. Translation by David Price.