Apple told Motherboard that this change will help protect the iPhone from zero-click attacks, and Donenfeld said in an online chat that “Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and 0clicks.” And now the bad actors are the ones upset. An iOS security researcher, who requested anonymity because he is not authorized to speak to the media, said that many hackers are upset “because some techniques are now irretrievably lost.”
Zimperium’s Donenfeld points out that hackers will be looking for new techniques to replace the ones that have been lost. In addition, he says that even though zero-clicks are now harder to pull off, they are not impossible to use for attacks. “This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off,” noted Jamie Bishop, who is one of the developers of the popular Checkra1n jailbreak. Still, because the change makes a zero-click attack harder to pull off, iPhone users need to install iOS 14.5 as soon as the final public version becomes available this spring.