How Apple Improved iMessage Security in iOS 14

Project Zero, Google’s security team, reverse-engineered iMessage to see how Apple improved it in its latest OS 14 releases. Specially, how it has gained new protections against zero-day attacks using BlastDoor, resliding of the shared cache, and exponential throttling.

One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed “BlastDoor” service which is now responsible for almost all parsing of untrusted data in iMessages (for example, NSKeyedArchiver payloads). Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.

This Person Hacked His iPod to Stream Spotify Using Raspberry Pi

Guy Dupont recently hacked an old iPod to stream Spotify. He used a Raspberry PI Zero W and a custom UI built using Python. Additionally, he fitted a 1000 mAh batter into it, a motor for haptic feedback, and a 2-inch LCD Adafruit display. “My mother-in-law recently gifted me a bag of the family’s retired iPods. I had forgotten how good it feels to hold and use one of these things. Naturally, I decided to modify one. I wanted to supply some modern features (streaming, search, Bluetooth audio, etc), while paying homage to the amazing UX that Apple originally released almost 20 years ago.”