iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'
Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard.
Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by Apple and is slated to be included in the final update.
Zero-click attacks allow hackers to break into a target without the need for victim interaction, such as clicking a malicious phishing link. Zero-click attacks are therefore considerably harder for targeted users to detect and are considered to be much more sophisticated.
Since 2018, Apple has used Pointer Authentication Codes (PAC) to prevent attackers from leveraging corrupted memory to inject malicious code. Cryptography is applied to authenticate pointers and validate them before they are used. ISA pointers instruct a program about what code it should use when it runs on iOS. By using cryptography to sign these pointers, Apple is now extending PAC protection to ISA pointers.
"Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and zero-clicks," security firm Zimperium's Adam Donenfeld told Motherboard. The change will "definitely make zero-clicks harder. Sandbox escapes too. Significantly harder." Sandboxes aim to isolate applications from each other to stop code from a program interacting with the wider operating system.
While zero-clicks will not be eradicated through this change, many of the exploits used by hackers and governmental organizations will now be "irretrievably lost." Hackers will now need to find new techniques to implement zero-click attacks on iPhone and iPad, but the security improvements to ISA pointers are likely to make a significant impact on the overall number of attacks on these devices.
Popular Stories
Apple today introduced a new Apple Creator Studio bundle that offers access to six creative apps, as well as exclusive AI features and content, as part of a single subscription. In the U.S., pricing is set at $12.99 per month or $129 per year.
Here are the six apps included with an Apple Creator Studio subscription:Final Cut Pro on the Mac and iPad
Logic Pro on the Mac and iPad
Pixelmator...
Verizon is experiencing a major outage across the U.S. today, with hundreds of thousands of customers reporting issues with the network on the website Downdetector. There are also complaints across Reddit and other social media platforms.
iPhone users and others with Verizon service are generally unable to make phone calls, send text messages, or use data over 5G or LTE due to the outage....
While the iPhone 18 Pro models are still around eight months away, a leaker has shared some alleged details about the devices.
In a post on Chinese social media platform Weibo this week, the account Digital Chat Station said the iPhone 18 Pro and iPhone 18 Pro Max will have the same 6.3-inch and 6.9-inch display sizes as the iPhone 17 Pro and iPhone 17 Pro Max.
Consistent with previous...
Apple today seeded the second beta of iOS 26.3, nearly a month after the first beta. So far, the update includes a couple of new features for iPhones.
iOS 15.3 through iOS 18.3 were all released in late January over the years, so it is thereby likely that iOS 26.3 will be released towards the end of this month as well. The update is compatible with the iPhone 11 series and newer.
Below,...
Apple today released a firmware update for the AirPods Pro 3. The latest firmware has a version number of 8B34, up from the previous version 8B30.
Apple has a support document for AirPods firmware updates, and it indicates that the 8B34 update contains unspecified "bug fixes and other improvements."
No other AirPods models received firmware updates today.
How to install AirPods Pro...
