"Google Researcher Discovers New iOS Security System"

Apple has added a new security system discovered by Samuel Grob, a security researcher with Google's Project Zero team, to iPhones and iPads. The new iOS security feature named BlastDoor protects users from attacks launched through the iMessage instant messaging client as this service has been the target of multiple attacks in the past. Several researchers have pointed out the iMessage service's inadequate sanitization of incoming user data. In the past three years, there had been multiple cases in which security researchers or real-world attackers discovered and exploited iMessage remote code execution (RCE) bugs to gain control over an iPhone via the delivery of texts, photos, or videos. BlastDoor helps iMessage handle incoming content. It is a sandbox service that unpacks and processes incoming messages' content in an isolated environment where hidden malicious code cannot interact with the rest of the operating system or recover a user's data. Although iOS has multiple sandbox mechanisms, the BlastDoor sandbox is only added to iMessage's source code. This article continues to discuss the new BlastDoor service and its impact on the security of iMessage, as well as some notable attacks that prompted the development of this iOS security feature.

ZDNet reports "Google Researcher Discovers New iOS Security System"