Arab Press

بالشعب و للشعب
Wednesday, Oct 01, 2025

Apple Fixes One of the iPhone's Most Pressing Security Risks

Apple Fixes One of the iPhone's Most Pressing Security Risks

By hardening iMessage in iOS 14, the company has effectively cut off what had been an increasingly popular line of attack.
Apple's iOS operating system is generally considered secure, certainly enough for most users most of the time. But in recent years hackers have successfully found a number of flaws that provide entry points into iPhones and iPads. Many of these have been what are called zero-click or interactionless attacks that can infect a device without the victim so much as clicking a link or downloading a malware-laced file.

Time and again these weaponized vulnerabilities turned out to be in Apple's chat app, iMessage. But now it appears that Apple has had enough. New research shows that the company took iMessage's defenses to a whole other level with the release of iOS 14 in September.

At the end of December, for example, researchers from the University of Toronto’s Citizen Lab published findings on a hacking campaign from the summer in which attackers successfully targeted dozens of Al Jazeera journalists with a zero-click iMessages attack to install NSO Group's notorious Pegasus spyware. Citizen Lab said at the time that it didn't believe iOS 14 was vulnerable to the hacking used in the campaign; all the victims were running iOS 13, which was current at the time.

Samuel Groß has long investigated zero-click iPhone attacks alongside a number of his colleagues at Google's Project Zero bug-hunting team. The week, he detailed three improvements that Apple added to iMessage to harden the system and make it much more difficult for attackers to send malicious messages crafted to wreak strategic havoc.

“These changes are probably very close to the best that could’ve been done given the need for backward compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” Groß wrote on Thursday. “It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security.”

In response to Citizen Lab's research, Apple said in December that “iOS 14 is a major leap forward in security and delivered new protections against these kinds of attacks.”

iMessage is an obvious target for zero-click attacks for two reasons. First, it's a communication system, meaning part of its function is to exchange data with other devices. iMessage is literally built for interactionless activity; you don't need to tap anything to receive a text or photo from a contact. And iMessage's full suite of features—integrations with other apps, payment functionality, even small things like stickers and memoji—make it fertile ground for hackers as well. All those interconnections and options are convenient for users but add “attack surface,” or potential for weakness.

“iMessage is a built-in service on every iPhone, so it’s a huge target for sophisticated hackers,” says Johns Hopkins cryptographer Matthew Green. “It also has a ton of bells and whistles, and every single one of those features is a new opportunity for hackers to find bugs that let them take control of your phone. So what this research shows is that Apple knows this and has been quietly hardening the system.”

Groß outlines three new protections Apple developed to deal with its iMessage security issues at a structural level, rather than through Band-Aid patches. The first improvement, dubbed BlastDoor, is a “sandbox,” essentially a quarantine zone where iMessage can inspect incoming communications for potentially malicious attributes before releasing them into the main iOS environment.

The second new mechanism monitors for attacks that manipulate a shared cache of system libraries. The cache changes addresses within the system at random to make it harder to access maliciously. iOS only changes the address of the shared cache after a reboot, though, which has given zero-click attackers an opportunity to discover its location; it's like taking shots in the dark until you hit something. The new protection is set up to detect malicious activity and trigger a refresh without the user having to restart their iPhone.

The final addition makes it more difficult for hackers to “brute force,” or retry attacks multiple times—a common technique in zero-click hacks if an assault doesn't quite work the first time. This protection is relevant to reducing those shots in the dark to find the shared cache, but also to attacks more broadly, like attempts to send multiple malicious texts (which are typically invisible to the user) to retry an attack until it works.

Independent researchers agree with Groß's assessment that the version of iMessage in iOS 14 is much better defended against these types of attacks.

“The mitigations are very welcome and appear to be intelligently done,” says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. “I would have hoped to see something like this sooner as iMessage is a big target for remote attacks, but it at least looks like they put a decent amount of care into this.”

Now that they're here, the improvements should make a big difference in curbing the rising tide of interactionless attacks against iMessage. But researchers warn that it's only a matter of time before attackers find a new spin on their stalwart techniques.
Newsletter

Related Articles

Arab Press
0:00
0:00
Close
Altman Says GPT-5 Already Outpaces Him, Warns AI Could Automate 40% of Work
Trump Organization Teams with Saudi Developer on $1 Billion Trump Plaza in Jeddah
Archaeologists Recover Statues and Temples from 2,000-Year-Old Sunken City off Alexandria
Colombian President Petro Vows to Mobilize Volunteers for Gaza and Joins List of Fighters
Nvidia and Abu Dhabi’s TII Launch First AI-&-Robotics Lab in the Middle East
UK, Canada, and Australia Officially Recognise Palestine in Historic Shift
Dubai Property Boom Shows Strain as Flippers Get Buyer’s Remorse
JWST Data Brings TRAPPIST-1e Closer to Earth-Like Habitability
UAE-US Stargate Project Poised to Make Abu Dhabi a Global AI Powerhouse
Saudi Arabia cracks down on music ‘lounges’ after conservative backlash
Saudi Arabia Signs ‘Strategic Mutual Defence’ Pact with Pakistan, Marking First Arab State to Gain Indirect Access to Nuclear Strike Capabilities in the Region
Turkish car manufacturer Togg Enters German Market with 5-Star Electric Sedan and SUV to Challenge European EV Brands
World’s Longest Direct Flight China Eastern to Launch 29-Hour Shanghai–Buenos Aires Direct Flight via Auckland in December
New OpenAI Study Finds Majority of ChatGPT Use Is Personal, Not Professional
Kuwait opens bidding for construction of three cities to ease housing crunch.
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
Could AI Nursing Robots Help Healthcare Staffing Shortages?
Turkish authorities seize leading broadcaster amid fraud and tax investigation
Apple Introduces Ultra-Thin iPhone Air, Enhanced 17 Series and New Health-Focused Wearables
Big Oil Slashes Jobs and Investments Amid Prolonged Low Crude Prices
Social Media Access Curtailed in Turkey After CHP Calls for Rallies Following Police Blockade of Istanbul Headquarters
Gold Could Reach Nearly $5,000 if Fed Independence Is Undermined, Goldman Sachs Warns
Uruguay, Colombia and Paraguay Secure Places at 2026 World Cup
Trump Administration Advances Plans to Rebrand Pentagon as Department of War Instead of the Fake Term Department of Defense
Tether Expands into Gold Sector with Profit-Driven Diversification
Trump’s New War – and the ‘Drug Tyrant’ Fearing Invasion: ‘1,200 Missiles Aimed at Us’
At the Parade in China: Laser Weapons, 'Eagle Strike,' and a Missile Capable of 'Striking Anywhere in the World'
Information Warfare in the Age of AI: How Language Models Become Targets and Tools
Israeli Airstrike in Yemen Kills Houthi Prime Minister
After the Shock of Defeat, Iranians Yearn for Change
YouTube Altered Content by Artificial Intelligence – Without Permission
Iran Faces Escalating Water Crisis as Protests Spread
More Than Half a Million Evacuated as Typhoon Kajiki Heads for Vietnam
HSBC Switzerland Ends Relationships with Over 1,000 Clients from Saudi Arabia, Lebanon, Qatar, and Egypt
Sharia Law Made Legally Binding in Austria Despite Warnings Over 'Incompatible' Values
Dogfights in the Skies: Airbus on Track to Overtake Boeing and Claim Aviation Supremacy
Tim Cook Promises an AI Revolution at Apple: "One of the Most Significant Technologies of Our Generation"
Are AI Data Centres the Infrastructure of the Future or the Next Crisis?
Miles Worth Billions: How Airlines Generate Huge Profits
Zelenskyy Returns to White House Flanked by European Allies as Trump Pressures Land-Swap Deal with Putin
Beijing is moving into gold and other assets, diversifying away from the dollar
Trump Backs Putin’s Land-for-Peace Proposal Amid Kyiv’s Rejection
Zelenskyy to Visit Washington after Trump–Putin Summit Yields No Agreement
Iranian Protection Offers Chinese Vehicle Shipments a Cost Advantage over Japanese and Korean Makers
United States Sells Luxury Yacht Amadea, Valued at Approximately $325 Million, in First Sale of a Seized Russian Yacht Since the Invasion of Ukraine
Saudi Arabia accelerates renewables to curb domestic oil use
Cristiano Ronaldo and Georgina Rodríguez announce engagement
Asia-Pacific dominates world’s busiest flight routes, with South Korea’s Jeju–Seoul corridor leading global rankings
Private Welsh island with 19th-century fort listed for sale at over £3 million
Sam Altman challenges Elon Musk with plans for Neuralink rival
×