With the release of iOS 14 last fall, Apple has added a new security system to iPhones and iPads to protect users against attacks carried out via the iMessage instant messaging client.
Named BlastDoor, this new iOS security feature was discovered by Samuel Groß, a security researcher with Project Zero, a Google security team tasked with finding vulnerabilities in commonly-used software.
Groß said the new BlastDoor service is a basic sandbox, a type of security service that executes code separately from the rest of the operating system.
This is a big deal, and from what I understand, a major multi-year undertaking by the iMessage team. Cimpanu’s report makes it sounds like it’s an iOS 14 feature, but it’s on MacOS 11, too — it’s an iMessage feature. The basic idea is that parsing untrusted input is always a potential source for bugs. Rather than whack-a-moling these bugs one-by-one as they’re discovered, BlastDoor puts the entire process of parsing input (the text of messages, any file attachments, or even just generating URL previews) into a very sturdy vault. Anything inside the vault has almost no file system access and no network access. Open the attachments inside the vault, and only then pass them on for display.