Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Apple BlastDoor sandbox

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app.

Dubbed “BlastDoor,” the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security researchers at Google tasked with studying zero-day vulnerabilities in hardware and software systems.

“One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed ‘BlastDoor’ service which is now responsible for almost all parsing of untrusted data in iMessages,” Groß said. “Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.”

password auditor

The development is a consequence of a zero-click exploit that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security protections as part of a cyberespionage campaign targeting Al Jazeera journalists last year.

“We do not believe that [the exploit] works against iOS 14 and above, which includes new security…

http://feedproxy.google.com/~r/TheHackersNews/~3/HgNyP2-PuoY/google-uncovers-new-ios-security.html

Have a comment? Type it below!