The next iOS version will make it more difficult for hackers to break into iPhones. Security researchers digging around in Apple’s beta code for iOS 14.5 found that the company began encrypting pointer authentication codes, which will make zero-click attacks far tougher to pull off.
“It will definitely make zero-clicks harder. Sandbox escapes too,” a security researcher told Vice.
The goal is to make the most insidious form of hacking nearly impossible. In a zero-click attack, the user doesn’t have to do anything. A hacker breaks into their handset completely without user involvement… or awareness, of course.
Defeat zero-click attacks with encrypted Pointer Authentication Codes
The exact change is a bit technical. When executing code, iOS uses pointers to keep track of what it’s doing. Malicious code tries to manipulate these pointers into letting the hacker take control of the iPhone.
iOS apps run in a “sandbox” that prevents them from accessing iPhone functions they aren’t supposed to. False pointers can be used to escape from a sandbox, letting the malicious code do whatever it’s been programmed to do.
Apple combats this with Pointer Authentication Codes (PACs), which make creating false pointers more difficult. With iOS 14.5, it goes a step further. Security researchers told Vice that these PACs are now being encrypted. That makes it far, far more challenging to make a fake one.
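A toy model of the idea described above, added here as an illustration and not Apple's code or anything from the original article: a keyed code is stored in a pointer's unused upper bits and rechecked before the pointer is used. The 48-bit address width, the mixing function, the sample key and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define ADDR_BITS 48                         /* assumption: address uses the low 48 bits */
#define ADDR_MASK ((1ULL << ADDR_BITS) - 1)

/* Stand-in keyed mixer; real hardware uses its own cipher, not this. */
static uint64_t toy_mac(uint64_t addr, uint64_t context, uint64_t key) {
    uint64_t x = addr ^ key ^ (context * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    x ^= x >> 31;
    return x >> ADDR_BITS;                   /* keep a 16-bit code */
}

/* Store the code in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t context, uint64_t key) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | (toy_mac(addr, context, key) << ADDR_BITS);
}

/* Recompute the code before use: 1 and stripped address if it matches, else 0. */
int pac_auth(uint64_t signed_ptr, uint64_t context, uint64_t key, uint64_t *out) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    if ((signed_ptr >> ADDR_BITS) != toy_mac(addr, context, key)) return 0;
    *out = addr;
    return 1;
}

/* Reuse one valid code on n other addresses; count how many are rejected. */
int forgeries_rejected(uint64_t key, int n) {
    uint64_t base = 0x100004000ULL, ctx = 7, out;
    uint64_t code = pac_sign(base, ctx, key) & ~ADDR_MASK;
    int rejected = 0;
    for (int i = 1; i <= n; i++)
        rejected += !pac_auth(code | (base + 16ULL * i), ctx, key, &out);
    return rejected;
}

int main(void) {
    uint64_t key = 0x0123456789ABCDEFULL, out = 0;   /* constructed sample key */
    uint64_t sp = pac_sign(0x100004000ULL, 7, key);
    printf("genuine pointer accepted: %d\n", pac_auth(sp, 7, key, &out));
    printf("forged pointers rejected: %d of 1000\n", forgeries_rejected(key, 1000));
    return 0;
}
```

A pointer redirected to a different address without knowledge of the key carries the wrong code and fails the check, which is the property the article attributes to PACs.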
Apple began beta testing iOS 14.5 weeks ago. It’s expected to be released in early spring, bringing the benefits of fewer zero-click attacks to all iPhone users.