The arrival of iOS 14.5 will bring not only an improvement in user privacy but also a significant advance in device security. Apple made changes to the beta version of iOS that make the iPhone more difficult to hack.
According to Motherboard, Apple changed the way it protects code that runs on iOS. As a result, zero-click attacks would be more difficult for hackers and government organizations to carry out.
Zero-click attacks represent a latent threat because they do not require any user interaction for the hacker to take control of the iPhone. One of the most recent examples came in 2020, when the Citizen Lab revealed that 36 journalists were victims of zero-click attacks used to infect their devices with Pegasus spyware.
To combat them, Apple will protect iPhones using Pointer Authentication Codes, also known as PAC. These codes are supported on A12 and S4 chips or later and are used to protect the system against memory corruption vulnerabilities.
“System software and embedded apps use these codes to prevent function pointers and return addresses (code pointers) from being changed.”
Apple will protect ISA pointers, which tell the program what code to use when it runs. To achieve this, the system will authenticate these pointers and validate them before they are used, making it more difficult to corrupt them in order to manipulate objects in the system.
The use of Pointer Authentication Codes also increases the difficulty of other attacks, such as ROP (return-oriented programming). These attacks try to trick the device into executing existing code maliciously by manipulating the return addresses of functions stored on the stack.
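A software model of the sign-then-authenticate check described above, added here as an illustration; it is not Apple's implementation and not code from the original article. The 48-bit address split, the key, the mixing function and every `model_*` name are assumptions, and the context value is taken to be the address of the object that holds the pointer.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model. Assumption: 48-bit addresses; top 16 pointer bits are free. */
#define ADDR_BITS 48
#define ADDR_MASK ((UINT64_C(1) << ADDR_BITS) - 1)

/* Constructed key; real hardware keeps it in registers apps cannot read. */
static const uint64_t MODEL_KEY = UINT64_C(0x9e3779b97f4a7c15);

/* Stand-in keyed mixer (not the hardware cipher) over address and context. */
static uint16_t model_pac(uint64_t addr, uint64_t ctx) {
    uint64_t x = (addr & ADDR_MASK) ^ MODEL_KEY ^ (ctx * UINT64_C(0xff51afd7ed558ccd));
    x ^= x >> 33;
    x *= UINT64_C(0xc4ceb9fe1a85ec53);
    return (uint16_t)(x >> ADDR_BITS);
}

/* Sign: store the code in the unused upper bits of the pointer. */
uint64_t model_sign(uint64_t addr, uint64_t ctx) {
    return (addr & ADDR_MASK) | ((uint64_t)model_pac(addr, ctx) << ADDR_BITS);
}

/* Authenticate before use: returns 1 and the plain address, or 0 if the
 * pointer or its context no longer matches the stored code. */
int model_auth(uint64_t sp, uint64_t ctx, uint64_t *addr_out) {
    uint64_t addr = sp & ADDR_MASK;
    if ((uint16_t)(sp >> ADDR_BITS) != model_pac(addr, ctx)) return 0;
    *addr_out = addr;
    return 1;
}

/* Replace the address part n times while keeping the stale code, as a
 * memory-corruption bug would, and count how many values still pass. */
int model_count_accepted(uint64_t sp, uint64_t ctx, int n) {
    uint64_t stale = sp & ~ADDR_MASK, out;
    int hits = 0;
    for (int i = 1; i <= n; i++)
        hits += model_auth(stale | ((sp + 16 * (uint64_t)i) & ADDR_MASK), ctx, &out);
    return hits;
}

int main(void) {
    uint64_t isa = UINT64_C(0x102a4c000), obj = UINT64_C(0x280010040), out; /* constructed */
    uint64_t sp = model_sign(isa, obj);
    printf("intact=%d other-object=%d overwritten-accepted=%d of 1000\n", model_auth(sp, obj, &out),
           model_auth(sp, obj + 64, &out), model_count_accepted(sp, obj, 1000));
    return 0;
}
```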
Although the implementation of this technology will not completely prevent hacks, it does represent a new challenge for those who develop exploits. According to a security researcher, iPhone hackers are concerned that they will not be able to use the common techniques they used to hack into devices.