News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • iOS 14.5 makes it harder for hackers to develop zero-click exploits.

    Posted on Comment on the AskWoody Lounge

    Home Forums AskWoody support Non-Windows operating systems iOS iOS 14.5 makes it harder for hackers to develop zero-click exploits.

    Viewing 1 reply thread
    • Author
      Posts
      • February 22, 2021 at 11:36 am #2345448
        Alex5723
        AskWoody Plus

        Multiple exploit developers tell Motherboard an upcoming change in iOS could make zero-click exploits harder to pull off.

        Zero-click (or 0-click) allows a hacker to take over an iPhone with no interaction from the target.

        Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS.

        The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release.

        “It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder,” a source who develops exploits for government customers told Motherboard, referring to “sandboxes” which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system…

        3 users thanked author for this post.
        Vincenzo, Microfix, Kirsty
        Reply | Quote
      • March 1, 2021 at 2:01 pm #2347206
        Alex5723
        AskWoody Plus

        iOS 14.5 Beta Directs ‘Safe Browsing’ Traffic in Safari Through Apple Server Instead of Google to Protect Personal User Data

        Safari on iOS and iPadOS includes a built-in feature called “Fraudulent Website Warning.” As Apple describes it, having the feature enabled will prompt Safari to warn users if they’re visiting a suspected phishing website, or in other words, a website attempting to steal your data such as username, passwords, and other information.

        In order to provide this feature, Apple relies on Google’s “Safe Browsing,” a database/blocklist of websites crawled by Google of websites that it deems to be suspected phishing or scam. In practice Google sends Safari a list of hashed prefixes of URLs that it determines to be malicious/phishing, Safari then checks the website you’re trying to visit against the list from Google. Any match in hashed prefix will cause Safari to request the full URL link from Google, and by using the hashed prefix, Google never sees the website’s URL you’re trying to go to…

        While Google doesn’t know which specific URL you’re trying to visit, it may collect your IP address during its interaction with Safari. Now on iOS/iPadOS 14.5, that’s no longer the case. As confirmed by the Head of Engineering for WebKit, Apple will now proxy Google’s Safe Browsing feature through its own servers instead of Google as a way to “limit the risk of information leak.”

        Reply | Quote
    • Author
      Posts
    Viewing 1 reply thread

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: iOS 14.5 makes it harder for hackers to develop zero-click exploits.

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

Recent Replies

Recent Topics

March 2021
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  

Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.