iOS 14.5 will blunt one of the most dangerous types of iPhone exploit
iOS 14.5 could make your iPhone more secure than ever
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
An imminentiOS updateis set to make cyberattacks that require no input from the victim (also known as zero-click exploits) much harder to execute.
As evidenced by the beta version of iOS 14.5,Applehas changed its approach to securing code running on itsphonesandtablets, making it far more difficult for hackers to develop exploits that do not rely on some form of slip-up on the user’s part.
Although Apple already uses a technology known as Pointer Authentication Codes (PAC) to prevent attackers from abusing corrupted memory, this protection does not currently extend to ISA pointers, used to inform applications which portion of code to refer to.
Assuming the changes present in the beta make it into the full iOS 14.5 release, which is expected to land later this month, ISA pointers will soon come under the protection of PAC, closing off the attack vector.
iOS 14.5 security update
What makes zero-click (or 0-click) exploits so dangerous is that they do not rely on the victim clicking on a malicious link or email attachment to infect a device. And because they require no interaction on the victim’s part, the owner of the affected device is also less likely to be aware of an attack.
According to Apple, the new measures introduced with iOS 14.5 will make conducting this type of attack far more difficult, but not entirely impossible. Overall device security, the firm explained, depends on bolstering mitigation mechanisms across the board.
However, security experts are a little more bullish about the potential for iOS 14.5 to impair both zero-click attacks and sandbox attacks, which place applications in a kind of quarantine, preventing them from communicating.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Adam Donnenfeld, Security Researcher at Zimperium, toldMotherboardthat the steps taken by Apple will mean only the most sophisticated hackers will now be able to execute these types of attacks.
“Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and 0-clicks,” he explained.
An anonymous iOS developer, meanwhile, suggested the iOS update will force hackers to develop entirely new methods of compromise, “because some techniques are now irretrievably lost”.
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
