Apple Adds 'BlastDoor' to Secure iPhones From Zero-Click Attacks
2021-01-28 20:31

Apple has quietly added several anti-exploit mitigations into its flagship mobile operating system in what appears to be a specific response to zero-click iMessage attacks observed in the wild.

The new mitigations were discovered by Samuel Groß, a Google Project Zero security researcher who specializes in remote iPhone exploitation and zero-click attacks against mobile messaging systems.

Apple did not document the changes, but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a "significant refactoring of iMessage processing" that severely cripples the usual ways exploits are chained together for zero-click attacks.

With iOS 14, Groß discovered that Apple shipped a significant refactoring of iMessage processing and made all four parts of an attack much harder to carry out.

Separately, Apple added logic to iOS 14 to specifically detect attacks, along with new techniques to limit an attacker's ability to retry exploits or brute-force Address Space Layout Randomization (ASLR).

The mitigations, Groß said, made all four parts of a typical zero-click attack harder, and he commended Apple for responding to the work of offense-focused hackers and to documented in-the-wild attacks.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/IXU1oPNDXV0/apple-adds-blastdoor-secure-iphones-zero-click-attacks
