Quietly Securing Against Zero Click Attacks
Apple has been very successful convincing people about the security of iOS by not saying a thing about it. Those of us who follow tech media are usually quite aware of the various security issues which have been discovered on their devices, especially the ones which can be exploited without the user being aware of anything happening, as well as the mitigations applied to protect against them. The general public on the other hand tends not to be aware of the vulnerabilities nor the released patches as Apple simply doesn’t talk about them. They push them quietly to devices, unlike many other companies we could name.
The latest set of security features were discovered by a Google Project Zero security researcher by the name of Samuel Grob, who posted many of the details to that site. iOS 14 is now much more secure against exploits which target Address Space Layout Randomization by frequently randomizing the shared cache region. This will mean that while an attacker might be able to gain access via ASLR they won’t be able to do anything as the address spaces they gained access to won’t be there for long enough to leverage.
As well there is a new BlastDoor service which protects iMessage, written in Swift which is a relatively secure language to ensure that the mitigation itself doesn’t add even more vulnerabilities to iOS. This should secure your iThang against the recent zero-click attacks which leverage iMessage to infect your devices without any interaction on your part.
Read on if you are curious what other new Apple security features the researchers were able to discover.
Apple has quietly added several anti-exploit mitigations into iOS in what appears to be a specific response to zero-click iMessage attacks observed in the wild.