Apple takes stance against zero click iPhone hacks
Yet more security news, Apple has taken a strong step to counter the kind of zero click attacks against iPhone security used by some of the world’s most dangerous hackers and state-backed assailants, adding new protection which will eliminate many of the exploits used by such entities.
Hacking the hacks
Apple’s move follows several well-publicized attempts at undermining iPhone security and continued expansion of the iPhone hacks as a service’ industry offered by some independent providers, including NSO. It’s thought these new moves will make life that little harder for such people.
The improvement will appear in iOS 14.5 and iPadOS 14.5 and will make such zero-day hacks harder. These attacks are bad because they don’t require any interaction by the victim, are harder to detect and usually highly sophisticated.
A PAC to trust
To defend against this, Apple has extended existing protection in Pointer Authentication Codes (PAC) to ISA pointers, which are used to tell software what code should be run, adding new layers of cryptography that will make it much harder for such attacks to take place.
This isn’t the perfect defense as such attacks will likely still be attempted, but it will be much, much harder to build successful exploits, effectively making such attempts prohibitively expensive.
Please follow me on Twitter, or join me in the AppleHolic’s bar & grill group on MeWe.