Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release. Several security researchers who specialize in finding vulnerabilities in and crafting exploits for iOS believe this new mitigation will make it much harder for hackers to take control of an iPhone with a technique known as a zero-click (or 0-click) exploit, which allows a hacker to take over an iPhone with no interaction from the target. Apple also told Motherboard it believes the changes will impact 0-click attacks.
“It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder,” a source who develops exploits for government customers told Motherboard, referring to “sandboxes” which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system. Motherboard granted multiple exploit developers anonymity to speak more candidly about sensitive industry issues. Like the name suggests, zero-click attacks allow hackers to break into a target without needing the victim to interact with anything, such as a malicious phishing link. This means that the attack is generally harder for the targeted user to detect. These are generally very sophisticated attacks. These attacks may now become much rarer, according to several security researchers who look for vulnerabilities in iOS.