Apple’s iOS 14.5 update is now in the hands of developers as well as those running the latest public beta and that means we’re learning more about the update even before it’s released to everyone.

One of the things we’ve learned includes the fact that the update will make zero-click exploits “significantly harder” for bad actors to implement.

According to a Motherboard report, multiple security researchers have noted that changes under the iOS 14.5 hood will make such attacks less likely because they are more difficult to implement.

The new improvements are said to relate to the Pointer Authentication Codes, which is a cryptography security feature that Apple added to the iPhone and iPad software back in 2018. Things have been taken a step further with iOS 14.5.

ISA pointers are a related feature of iOS’s code that tells a program what code to use when it runs. Until now, they were not protected with PAC, as Samuel Groß from Google Project Zero explained last year. By using cryptography to sign these pointers, Apple extended PAC protections to ISA pointers.

However, one jailbreak developer, James Bishop, says that this new move is unlikely to kill off zero-click exploits but rather make them more costly to purchase.

“When there’s a will there’s a way—there’s always going to be bugs of some sort, whether that be in PAC or whether it be a completely different exploitation strategy,” Jamie Bishop, one of the developers of the popular jailbreak Checkra1n, told Motherboard in an online chat. “This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off.”

Apple did tell Motherboard that it has made changes to prevent zero-click exploits and you can read more about what various security researchers have to say about the changes in the original Motherboard article.

You may also like to check out:

You can follow us on Twitter, or Instagram, and even like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple, and the Web.

Related Stories