Every so often, and with increasing frequency, thousands of users fall victim to vulnerabilities so strategically thought out that it is almost impossible to determine what prevention measure would have worked to prevent it. In this list the exploits without clicking occupy a relevant place, but iOS 14.5 has resolved this situation.
To the options to unblock Face ID with masks, the notification of visiting fraudulent sites, the next tracking tags and many other updates that have arrived with the iOS 14.5 beta, a new measure is added that It will make it difficult for hackers to gain control of the iPhone without any interaction from that user.
iOS 14.5 resolves another iPhone vulnerability
According to information shared by ., citing a Motherboard report the change focuses on the technology called Pointer authentication codes, which is a crypto security feature that Apple has used since 2018. With iOS 14.5, Apple has extended this to something called ISA pointers:
“ISA pointers are a related feature of iOS code that tells a program what code to use when it runs. Until now, they were not protected with PAC… By using cryptography to sign these pointers, Apple extended PAC protections to ISA pointers. “
A security researcher told Motherboard that this change worries many iPhone hackers because “Some techniques have now been irretrievably lost”. “It will definitely make ‘no clicks’ more difficult.
For its part, jailbreak developer Jamie Bishop said The changes do not completely eliminate zero-click attacks, but rather increase the cost:
“When there is a will, there is a way: there will always be bugs of some kind, whether in PAC or if it is a completely different exploitation strategy … This mitigation actually probably only increases the cost of” 0 clicks “, but an attacker determined with many resources could still achieve it.
Know more: All the news in iOS 14.5 beta 2: new emoji, new gestures and more
After the second beta, there are still a few weeks to go the release of the final version of iOS 14.5, in which we can evaluate the scope of this and other updates.