Security News > 2021 > January > Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app.

Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a Google Project Zero researcher tasked with studying zero-day vulnerabilities in hardware and software systems.

The development is a consequence of a zero-click exploit that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security protections as part of a cyberespionage campaign targeting Al Jazeera journalists last year.

"We do not believe that works against iOS 14 and above, which includes new security protections," Citizen Lab researchers who revealed the attack outlined last month.

BlastDoor forms the core of those new security protections, per Groß, who analyzed the implemented changes over the course of a week-long reverse engineering project using an M1 Mac Mini running macOS 11.1 and an iPhone XS running iOS 14.3.

What's more, in a bid to delay subsequent restarts of a crashing service, Apple has also introduced a new throttling feature in the iOS "Launchd" process to limit the number of tries an attacker gets when seeking to exploit a flaw by exponentially increasing the time between two successive brute-force attempts.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/HgNyP2-PuoY/google-uncovers-new-ios-security.html