Apple’s about to make it much harder for hackers to take control of unsuspecting iPhones. The company’s second iOS 14.5 beta includes language that focuses on a hacking technique known as zero-click, or 0-click, according to Motherboard.
With zero-click attacks, hackers can break into a device without the end-user performing a task. Because no interaction is required, these “sophisticated” attacks are harder for the targeted user to detect.
These attacks may now become much rarer, according to several security researchers who look for vulnerabilities in iOS.
The change in iOS 14.5 beta 2 centers around ISA pointers and how they relate to an Apple technology called Pointer Authentication Codes, or PAC. As Motherboard explains, PAC protects iPhone users from exploits that inject malicious code by preventing attackers from leveraging corrupted memory.
This is done by using cryptography to authenticate these pointers and validate them before they’re used. ISA pointers are a related feature of iOS’s code that tells a program what code to use when it runs. Until now, they were not protected with PAC, as Samuel Groß from Google Project Zero explained last year. By using cryptography to sign these pointers, Apple extended PAC protections to ISA pointers.
Adam Donenfeld, who works for security firm Zimperium, explains, “Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and 0clicks.” Meanwhile, CENSUS’ Patroklos Argyroudis says the change “raised the bar.”
The current iOS 14.5 beta was released to developers on February 16. A final version should be released to the public in the coming months. The update includes new emoji, Apple Watch iPhone unlocking, changes to the Music app, and more.