Apple Adds 'BlastDoor' To Secure iOS From Zero-Click Attacks

wiredmikey shares a report from SecurityWeek.com: Apple has quietly added several anti-exploit mitigations into iOS in what appears to be a specific response to zero-click iMessage attacks observed in the wild. The new mitigations were discovered by Samuel Grob, a Google Project Zero security researcher, [with the first big addition being] a new, tightly sandboxed 'BlastDoor' service that is now responsible for the parsing of untrusted data in iMessages. With iOS 14, Grob discovered that Apple shipped a significant refactoring of iMessage processing, and made all four parts of an attack much harder to succeed. Apple added logic into iOS 14 to specifically detect [shared cache region] attacks and new techniques to limit an attacker's ability to retry exploits or brute force Address Space Layout Randomization (ASLR). 'Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,' the Google researcher added.

Read more of this story at Slashdot.