iOS 14.5 makes zero-click iPhone attacks even more difficult

By

If hackers dump your personal data onto the dark web, you need to know about it. Dashlane Dark Web Monitoring can sound the alarm.
“Dammit, Apple keeps breaking all my best zero-click attacks.”
Photo: sebastiaan stam/Pexels CC

The next iOS version will make it more difficult for hackers to break into iPhones. Security researchers digging around in Apple’s beta code for iOS 14.5 found that the company began encrypting pointer authentication codes, which will make zero-click attacks far tougher to pull off.

“It will definitely make zero-clicks harder. Sandbox escapes too,” a security researcher told Vice.

The goal is to make the most insidious form of hacking nearly impossible. In a zero-click attack, the user doesn’t have to do anything. A hacker breaks into their handset completely without user involvement… or awareness, of course.

Defeat zero-click attacks with encrypted Pointer Authentication Codes

The exact change is a bit technical. When executing code, iOS uses pointers to keep track of what it’s doing. Malicious code tries to manipulate these pointers into letting the hacker take control of the iPhone.

iOS apps run in a “sandbox” that prevents them from accessing iPhone functions they aren‘t supposed to. False pointers can be used to escape from a sandbox, letting the malicious code do whatever it’s been programmed to do.

Apple combats this with Pointer Authentication Codes, which make creating false pointers more difficult. With iOS 14.5, it goes a step farther. Security researchers told Vice that these PAC codes are now being encrypted. That makes it far, far more challenging to make a fake one.

Apple began beta testing iOS 14.5 weeks ago. It’s expected to be released in early spring, bringing the benefits of fewer zero-click attacks to all iPhone users.