Quote:In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version.
First detailed in an analysis this week by Google Project Zero’s Samuel Groß, BlastDoor acts as a “tightly sandboxed” service that is responsible for “almost all” of the parsing of untrusted data in iMessages.
The service comes on the heels of a recently uncovered iMessage zero-click exploit, which was being leveraged in an espionage attack against Al Jazeera journalists and executives. Citizen Lab, who disclosed the campaign in December, at the time said it did not believe that the exploit works against iOS 14, as it “includes new security protections.”
However, what those specific protections were remained unknown until Groß’s analysis this week. Groß was able to perform reverse-engineering in order to analyze the new service, using an M1 Mac Mini running macOS 11.1, and verifying his findings by applying them to iOS 14.3 (running on an iPhone XS),
“Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” said Groß on Thursday. “It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security.”
Read more: https://threatpost.com/apple-ios-imessag...or/163479/
![[-]](https://www.geeks.fyi/images/collapse.png)
