Security News > 2021 > January > Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app.
Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a Google Project Zero researcher tasked with studying zero-day vulnerabilities in hardware and software systems.
The development is a consequence of a zero-click exploit that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security protections as part of a cyberespionage campaign targeting Al Jazeera journalists last year.
"We do not believe that works against iOS 14 and above, which includes new security protections," Citizen Lab researchers who revealed the attack outlined last month.
BlastDoor forms the core of those new security protections, per Groß, who analyzed the implemented changes over the course of a week-long reverse engineering project using an M1 Mac Mini running macOS 11.1 and an iPhone XS running iOS 14.3.
What's more, in a bid to delay subsequent restarts of a crashing service, Apple has also introduced a new throttling feature in the iOS "Launchd" process to limit the number of tries an attacker gets when seeking to exploit a flaw by exponentially increasing the time between two successive brute-force attempts.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/HgNyP2-PuoY/google-uncovers-new-ios-security.html
Related news
- Apple releases iOS 18, with security and privacy improvements (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Security measures fail to keep up with rising email attacks (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- Apple's latest macOS release is breaking security software, network connections (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)