![]() |
MS-DEFCON 4:
There are isolated problems with current patches, but they are well-known and documented on this site.
|
-
iOS 14.5 makes it harder for hackers to develop zero-click exploits.
Home › Forums › AskWoody support › Non-Windows operating systems › iOS › iOS 14.5 makes it harder for hackers to develop zero-click exploits.
- This topic has 1 reply, 1 voice, and was last updated 5 days, 9 hours ago.
Viewing 1 reply thread-
AuthorPosts
-
-
February 22, 2021 at 11:36 am #2345448
Alex5723
AskWoody PlusMultiple exploit developers tell Motherboard an upcoming change in iOS could make zero-click exploits harder to pull off.
Zero-click (or 0-click) allows a hacker to take over an iPhone with no interaction from the target.
Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS.
The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release.
“It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder,” a source who develops exploits for government customers told Motherboard, referring to “sandboxes” which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system…
-
March 1, 2021 at 2:01 pm #2347206
Alex5723
AskWoody PlusiOS 14.5 Beta Directs ‘Safe Browsing’ Traffic in Safari Through Apple Server Instead of Google to Protect Personal User Data
Safari on iOS and iPadOS includes a built-in feature called “Fraudulent Website Warning.” As Apple describes it, having the feature enabled will prompt Safari to warn users if they’re visiting a suspected phishing website, or in other words, a website attempting to steal your data such as username, passwords, and other information.
In order to provide this feature, Apple relies on Google’s “Safe Browsing,” a database/blocklist of websites crawled by Google of websites that it deems to be suspected phishing or scam. In practice Google sends Safari a list of hashed prefixes of URLs that it determines to be malicious/phishing, Safari then checks the website you’re trying to visit against the list from Google. Any match in hashed prefix will cause Safari to request the full URL link from Google, and by using the hashed prefix, Google never sees the website’s URL you’re trying to go to…
While Google doesn’t know which specific URL you’re trying to visit, it may collect your IP address during its interaction with Safari. Now on iOS/iPadOS 14.5, that’s no longer the case. As confirmed by the Head of Engineering for WebKit, Apple will now proxy Google’s Safe Browsing feature through its own servers instead of Google as a way to “limit the risk of information leak.”
-
-
AuthorPosts
Viewing 1 reply thread -
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search Newsletters
Search Forums
Recent Replies
areader on Free-form database wanted
13 minutes agoSusan Bradley on Do you still patch on premises Exchange servers?
1 hour, 11 minutes agoAscaris on Trying Linux on your Windows system
2 hours, 59 minutes agoOscarCP on Aren't these the greatest performances of classical music?
5 hours, 9 minutes agoWCHS on Tasks for the weekend – February 20, 2021 – it’s Squirrel away time
5 hours, 15 minutes ago280park on MS-DEFCON 4 – February updates trigger few issues
5 hours, 27 minutes agoOscarCP on AI generated play
5 hours, 31 minutes agoOscarCP on At Least 30,000 U.S. Organizations Newly Hacked Via Microsoft’s Email Software
5 hours, 56 minutes agoKurtSchwan on Using Microsoft OneDrive on your Android device
6 hours, 15 minutes agoRick Corbett on Free-form database wanted
6 hours, 35 minutes agoLHiggins on Battery, Power Management Questions
7 hours, 1 minute agompw on Getting ready for upgrade to 20H2
7 hours, 16 minutes agoJohn on ‘System’ reports high CPU
7 hours, 19 minutes agoAmy Babinchak on Do you still patch on premises Exchange servers?
7 hours, 52 minutes agoBob99 on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
8 hours, 26 minutes agoDanE1234 on Free-form database wanted
8 hours, 43 minutes agoBob99 on ‘System’ reports high CPU
8 hours, 51 minutes agoabbodi86 on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
8 hours, 57 minutes agoBob99 on Seriously, MBAM?
8 hours, 59 minutes agoRick Corbett on Seriously, MBAM?
9 hours, 22 minutes agoAlex5723 on LinkedIn will stop collecting IDFA data on iOS
9 hours, 27 minutes agoSimon_Weel on Do you still patch on premises Exchange servers?
9 hours, 28 minutes agoCharlie on 117 patches for GRUB2
9 hours, 37 minutes agoPKCano on Windows 10 Home update: wushowhide.diagcab won’t download
9 hours, 44 minutes agoJohn on ‘System’ reports high CPU
9 hours, 49 minutes agoMicrofix on Trying Linux on your Windows system
9 hours, 55 minutes agoprestonsmith on Trying Linux on your Windows system
10 hours, 14 minutes agoprestonsmith on Trying Linux on your Windows system
10 hours, 18 minutes agoanonymous on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
10 hours, 23 minutes agob on Do you still patch on premises Exchange servers?
10 hours, 33 minutes ago
Recent Topics
-
Tasks for the weekend March 6 – check your logins
4 minutes ago
-
Why do “print to PDF” articles contain 2 copies of each image?
2 hours, 17 minutes ago
-
ESU 2021 activation “error: product not found”
6 hours, 33 minutes ago
-
Plus member bonus – Exchange security issue
37 minutes ago
-
Encrypted DNS (DoH) now on Win 10 – but better than dnscrypt-proxy?
7 hours, 55 minutes ago
-
Download DVD disk
8 hours, 32 minutes ago
-
Windows 10 Home update: wushowhide.diagcab won’t download
9 hours, 44 minutes ago
-
Macro app for Windows 10?
12 hours, 31 minutes ago
-
Where are we as respects 20H2 Feature Upgrade?
15 hours, 15 minutes ago
-
upgrading method
21 hours, 33 minutes ago
-
At Least 30,000 U.S. Organizations Newly Hacked Via Microsoft’s Email Software
5 hours, 56 minutes ago
-
Telemetry
23 hours, 2 minutes ago
-
Microsoft Security Response Center
1 day, 3 hours ago
-
SRU and SRUDB
1 day, 10 hours ago
-
‘System’ reports high CPU
7 hours, 19 minutes ago
-
AI generated play
5 hours, 32 minutes ago
-
Free-form database wanted
13 minutes ago
-
LinkedIn will stop collecting IDFA data on iOS
9 hours, 27 minutes ago
-
February Update 20H2 – Telemetry changes
20 hours, 48 minutes ago
-
KB4603002 – Feb 2021 Patch for .Net Framework.
2 days, 13 hours ago
-
reboot takes forever, normal boot from off is quick
1 day, 11 hours ago
-
Windows 10 Insider Preview build 21327 released to DEV Channel
3 days, 2 hours ago
-
Using IFS function and BETWEEN condition
3 days, 4 hours ago
-
OS upgrade
2 days, 22 hours ago
-
Microsoft.Windows.Remediation failed to start
1 day, 12 hours ago
-
117 patches for GRUB2
9 hours, 37 minutes ago
-
Google says it will stop selling ads based on people’s browsing histories
3 days, 6 hours ago
-
Stuck updates
2 days, 15 hours ago
-
Battery, Power Management Questions
7 hours, 1 minute ago
-
Avatar
2 days, 18 hours ago
Search for Topics
Recent blog posts
- Tasks for the weekend March 6 – check your logins
- Plus member bonus – Exchange security issue
- March 2021 Office non-Security Updates are now available
- Do you still patch on premises Exchange servers?
- “Stuttering” glitch on a brand-new PC
- Here’s looking at you, kid: the child-cam scam
- The best things in life are copyrighted
- Using Microsoft OneDrive on your Android device
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.