A security researcher with Google’s Project Zero team has revealed that Apple is using a new “BlastDoor” sandbox security system for the Messages app in iOS 14. Apple did not talk about this new security method when it unveiled iOS 14 at WWDC 2020 last year.
As explained by security researcher Samuel Groß, BlastDoor is a “basic sandbox” that allows the Messages app to execute code separately from the rest of the OS.
Apple already offers various sandboxing security measures in iOS but BlastDoor is a new addition specifically for iMessage. It takes the content of all new messages and processes them in an isolated environment so that any malicious code hidden in a message cannot harm the device, retrieve user data, or compromise the security of the device. This will help protect users against attacks carried out using the Messages app, something which has increased in recent years.
The end result of the changes made by Apple is “close to the best” that could have been done given the scenario.
Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole. It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security.
Multiple remote code execution bugs have been found in iOS over the last few years that have allowed hackers to plant malware in iPhones and steal user data, location, etc. Last year, it was reported that the iPhones of many Al Jazeera journalists were hacked using the Messages app. This new BlastDoor security system for the Messages app from Apple should hopefully reduce remote execution attacks on iPhone users.
[Via ZDNet]