Apple iPhone users need to install iOS 14.5 as soon as it's released; here's why

According to Motherboard, Apple has come up with a way to protect iOS from zero-click exploits. These vulnerabilities are ones that allow a hacker to take control of an iPhone without any interaction from the victim. The change developed by Apple has been silently added to the iOS 14.5 beta giving iPhone users another reason to look forward to the final version of the update. Some of the features coming in the next iOS build include one that allows a face mask wearing iPhone user to have his phone unlocked automatically if he is wearing an unlocked Apple Watch. The update adds new emoji and the App Tracking Transparency feature that stops a user from being tracked by a third party app unless he decides to opt-in to be tracked.

According to a source who develops exploits for government customers, the changes made by Apple “…will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder.” With zero-click attacks taking place without any action needed on the part of the phone owner, such attacks are generally harder for the target to detect and are more sophisticated. A feature of iOS called ISA pointers tell the operating system what code to use. According to Apple’s Platform Security Guide, Apple now uses cyptography to validate these pointers via the use of Pointer Authentication Codes (or PAC). This is a new form of protection for Apple and prevents hackers from using malicious code in an attack. A member of security firm Zimperium, Adam Donenfeld, noticed the change earlier this month when he reversed engineered the iOS 14.5 beta.

Zero-click exploits will ve harder to pull off in iOS 14.5

Not only did Apple tell Motherboard that this change will help protect the iPhone from zero-click attacks, Donenfeld said in an online chat that “Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and 0clicks.” And now the bad actors are the ones upset. An iOS security researcher, who requested anonymity because he is not authorized to speak to the media, said that many hackers are upset “because some techniques are now irretrievably lost.”

Zimperium’s Donenfeld points out that hackers will be looking for new techniques to replace the ones that have been lost. In addition, he says that even though zero-clicks are now harder to pull off, they are not impossible to use for attacks. “This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off,” noted Jamie Bishop, who is one of the developers of the popular Checkra1n jailbreak. Still, by making a zero-click attack harder to pull off, iPhone users need to install iOS 14.5 as soon as the final public version becomes available this spring.

Apple iPhone users need to install iOS 14.5 as soon as it’s released; here’s why

Netflix brings nifty new feature to Android and iPhone users

Spotify announces HiFi subscription tier, coming to Premium users later this year

Related Posts