Apple has quietly added several anti-exploit mitigations into its flagship mobile operating system in what appears to be a specific response to zero-click iMessage attacks observed in the wild.
The new mitigations were discovered by Samuel Groß, a Google Project Zero security researcher who specializes in remote iPhone exploitation and zero-click attacks against mobile messaging systems.
Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks.
Groß notes that memory corruption based zero-click exploits typically require exploitation of multiple vulnerabilities to create exploit chains. In most observed attacks, these could include a memory corruption vulnerability, reachable without user interaction and ideally without triggering any user notifications; a way to break ASLR remotely; a way to turn the vulnerability into remote code execution;; and a way to break out of any sandbox, typically by exploiting a separate vulnerability in another operating system component (e.g. a userspace service or the kernel).
With iOS 14, Groß discovered that Apple shipped a significant refactoring of iMessage processing, and made all four parts of an attack much harder to succeed.
The first big addition is a new, tightly sandboxed “BlastDoor” service that is now responsible for the parsing of untrusted data in iMessages.
Separately, Apple added logic into iOS 14 to specifically detect [shared cache region] attacks and new techniques to limit an attacker’s ability to retry exploits or brute force Address Space Layout Randomization (ASLR).
The mitigations, Groß said, made all four parts of a typical zero-click attack harder and he commended Apple for responding to the work of offense-focused hackers to respond to documented in-the-wild attacks.
“Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” the Google researcher added.
Related: iOS Exploit Allows ‘Unfettered Access’ to iPhone User Data Over Wi-Fi
Related: Google Researchers Detail Critical iMessage Vulnerability
Related: Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Backslash Snags $8M Seed Financing for AppSec Tech
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits
- Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million
- Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script
- Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns
- Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day
Latest News
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
