Apple has added several anti-exploit mitigations, including a sandboxed “BlastDoor” service, into its flagship mobile operating systems, iOS 14 and iPadOS 14, in what appears to be a specific response to zero-click iMessage attacks observed in the wild.
The new mitigations were discovered by Samuel Groß, a Google Project Zero security researcher who specializes in remote iPhone exploitation and zero-click attacks against mobile messaging systems.
Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks.
With iOS 14, Groß discovered that Apple shipped a significant refactoring of iMessage processing, and made all four parts of an attack much harder to succeed.
The first big addition is a new, tightly sandboxed “BlastDoor” service that is now responsible for the parsing of untrusted data in iMessages. Separately, Apple added logic into iOS 14 to specifically detect [shared cache region] attacks and new techniques to limit an attacker’s ability to retry exploits or brute force Address Space Layout Randomization (ASLR).
MacDailyNews Note: Samuel Groß writes for Project Zero, “With iOS 14, Apple shipped a significant refactoring of iMessage processing, and made all four parts of the attack harder… Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole. It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.”