On December 20, Citizenlab published “The Great iPwn”, detailing how “Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit”. Of particular interest is the following note: “We do not believe that works against iOS 14 and above, which includes new security protections''. Given that it is also now almost exactly one year ago since we published the Remote iPhone Exploitation blog post series, in which we described how an iMessage 0-click exploit can work in practice and gave a number of suggestions on how similar attacks could be prevented in the future, now seemed like a great time to dig into the security improvements in iOS 14 in more detail and explore how Apple has hardened their platform against 0-click attacks.

The content of this blog post is the result of a roughly one-week reverse engineering project, mostly performed on an M1 Mac Mini running macOS 11.1, with the results, where possible, verified to also apply to iOS 14.3, running on an iPhone XS. Due to the nature of this project and the limited timeframe, it is possible that I have missed some relevant changes or made mistakes interpreting some results. Where possible, I’ve tried to describe the steps necessary to verify the presented results, and would appreciate any corrections or additions.

The blog post will start with an overview of the major changes Apple implemented in iOS 14 which affect the security of iMessage. Afterwards, and mostly for the readers interested in the technical details, each of the major improvements is described in more detail while also providing a walkthrough of how it was reverse engineered. At least for the technical details, it is recommended to briefly review the blog post series from last year for a basic introduction to iMessage and the exploitation techniques used to attack it.

Memory corruption based 0-click exploits typically require at least the following pieces:

- A memory corruption vulnerability, reachable without user interaction and ideally without triggering any user notifications.
- A way to turn the vulnerability into remote code execution.
- (Likely) A way to break out of any sandbox, typically by exploiting a separate vulnerability in another operating system component (e.g.

With iOS 14, Apple shipped a significant refactoring of iMessage processing, and made all four parts of the attack harder. This is mainly due to three central changes:

1.