Apple Silently Enables ClickJack Protection for All Apps
Apple has quietly implemented a significant security enhancement across its platforms, activating ClickJack protection for all applications. The feature, designed to prevent malicious actors from tricking users into performing unintended actions within legitimate apps, was enabled with the release of iOS 17.4, iPadOS 17.4, and macOS Sonoma 14.4.
This move addresses a long-standing vulnerability where attackers could overlay deceptive elements onto genuine app interfaces, leading users to unknowingly grant permissions or execute harmful commands. While developers could previously opt in to ClickJack protection, the default-on approach dramatically expands its reach, safeguarding a vast ecosystem of over two billion active Apple devices. Security researcher Arin Waichulis highlighted the change, noting its potential to mitigate a wide range of phishing and manipulation attacks.
ClickJack, short for “Clickjacking,” exploits the way web browsers and applications handle layered content. Attackers essentially create an invisible layer over a legitimate app, altering the user’s perception of what they are clicking on. For example, a user might believe they are pressing a “like” button, but is actually authorizing access to sensitive data.
Apple’s implementation prevents this by ensuring that apps can only respond to user interactions originating from within their own boundaries. This effectively blocks the overlay attacks, making it significantly harder for malicious actors to deceive users. The change impacts all apps, regardless of whether developers have specifically coded for ClickJack protection.
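The article alludes to the browser side of the same problem. As an added illustration that is not from the article or from Apple (whose app-level mechanism is not documented here), the following checker reads an HTTP response's anti-framing headers (X-Frame-Options and CSP frame-ancestors) and reports whether a page can be overlaid inside another origin's frame; the header samples in the docstring are constructed.

```python
"""Classify a response's anti-framing headers (constructed defender-side example)."""
from typing import List, Mapping, Optional, Tuple


def _csp_frame_ancestors(csp_values: List[str]) -> Optional[List[str]]:
    """Return the frame-ancestors source list from the first CSP header that
    sets it, or None when no policy carries the directive."""
    for policy in csp_values:
        for directive in policy.split(";"):
            tokens = directive.strip().split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return [t.lower() for t in tokens[1:]]
    return None


def framing_protection(headers: Mapping[str, List[str]]) -> Tuple[bool, str]:
    """Decide whether the response forbids cross-origin framing.

    `headers` maps lower-cased header names to the list of their values, e.g.
    {"content-security-policy": ["default-src 'self'; frame-ancestors 'none'"]}.
    Returns (protected, reason). frame-ancestors is evaluated first because
    browsers that support it ignore X-Frame-Options when CSP sets the directive.
    """
    ancestors = _csp_frame_ancestors(headers.get("content-security-policy", []))
    if ancestors is not None:
        if ancestors == ["'none'"]:
            return True, "CSP frame-ancestors 'none' forbids all framing"
        if "*" in ancestors or not ancestors:
            return False, "CSP frame-ancestors allows any origin to frame the page"
        return True, "CSP frame-ancestors restricts framing to an allow-list"

    # Fall back to X-Frame-Options; only the first value is honoured here.
    xfo_values = headers.get("x-frame-options", [])
    if xfo_values:
        xfo = xfo_values[0].strip().upper()
        if xfo in ("DENY", "SAMEORIGIN"):
            return True, f"X-Frame-Options {xfo} blocks cross-origin framing"
        if xfo.startswith("ALLOW-FROM"):
            # Deprecated and ignored by current browsers, so it offers no protection.
            return False, "X-Frame-Options ALLOW-FROM is not honoured by modern browsers"
        return False, f"Unrecognised X-Frame-Options value {xfo!r}"

    return False, "No anti-framing header; page can be overlaid by any origin"
```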
“This is one of the most practical security features Apple has shipped in a long time,” Waichulis stated. “It’s a silent, system-level defence that protects users without requiring any action on their part.”
Users do not need to take any action to benefit from the enhanced security. The protection is automatically enabled with the latest software updates. Developers are encouraged to review Apple’s documentation to understand the implications of the change and ensure their apps remain fully functional.