11/1/2022 0 Comments Imtransferagent little snitchGroß said that Swift makes it “significantly” harder to introduce memory-corruption vulnerabilities into the code base. Second, BlastDoor is written in Swift, which is a memory-safe language. This secure environment means that any malicious code sent by attackers via iMessage is prevented from accessing user data or interacting with other parts of the operating system. #Imtransferagent little snitch driversGroß said the sandbox profile of BlashDoor is “quite tight,” with almost all file system interactions being blocked, outbound network access being denied, and any interaction with IOKit drivers being forbidden. IOKit allows the access of hardware devices and drivers for various apps and services, and is historically a big source of vulnerabilities. Only two processes (IMTransferAgent, which handles message file transfers, and apsd, Apple’s Push Notification Service daemon) are required to perform network operations. This means that when a message is received, the processes on the backend execute code separately from the operating system. “It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security.” What is BlastDoor?īlastDoor has two important security implications.įirst, the service allows sandboxing rules to be applied across the pipeline when a message is received on a phone. “Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” said Groß on Thursday. However, what those specific protections were remained unknown until Groß’s analysis this week. Groß was able to perform reverse-engineering in order to analyze the new service, using an M1 Mac Mini running macOS 11.1, and verifying his findings by applying them to iOS 14.3 (running on an iPhone XS), Citizen Lab, who disclosed the campaign in December, at the time said it did not believe that the exploit works against iOS 14, as it “includes new security protections.” The service comes on the heels of a recently uncovered iMessage zero-click exploit, which was being leveraged in an espionage attack against Al Jazeera journalists and executives. In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version.įirst detailed in an analysis this week by Google Project Zero’s Samuel Groß, BlastDoor acts as a “tightly sandboxed” service that is responsible for “almost all” of the parsing of untrusted data in iMessages.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |