Apple has published its updated Platform Security guide and has refreshed the Apple Platform Security landing page as well. The new update provides a comprehensive overview of the latest security advancements across iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7, and others.
According to the company, secure software requires a foundation of security built into the hardware.
Apple continues to push the boundaries of what’s possible in security and privacy. This year Apple devices with Apple SoCs across the product lineup from Apple Watch to iPhone and iPad, and now Mac, utilize custom silicon to power not only efficient computation, but also security.
Apple silicon forms the foundation for secure boot, Touch ID and Face ID, and Data Protection, as well as system integrity features never before featured on the Mac, including Kernel Integrity Protection, Pointer Authentication Codes, and Fast Permission Restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use JavaScript on the web. They combine to help make sure that even if attacker code somehow executes, the damage it can do is dramatically reduced.
Apple releases 2021 Platform Security guide for macOS Big Sur, iOS 14, and others
The guide provides security details about Safari’s optional Password Monitoring feature on macOS Big Sur and iOS 14 which automatically scans for any saved passwords that may have been involved in a data breach.
New sections for Macs with Apple Silicon have been included, outlining the security of the startup disk, boot process, boot modes, Activation Lock, Rosetta 2 translation process for running Intel-based apps on Mac, FileVault, and more. The guide also confirms that Kernel extensions will no longer be supported on future Apple Silicon Macs.
The company has built BlastDoor into macOS Big Sur; it was designed to be advanced security for iMessage last year. It is a change that users might not pay much attention to, but it is the biggest security improvement to iMessage since the service got end-to-end encryption.
In addition to enabling users to run older versions of macOS, Reduced Security is required for other actions that can put a user’s system security at risk, such as introducing third-party kernel extensions (kexts). Kexts have the same privileges as the kernel, and thus any vulnerabilities in third-party kexts can lead to full operating system compromise. This is why developers are being strongly encouraged to adopt system extensions before kext support is removed from macOS for future Mac computers with Apple silicon.
The new topics added to the updated Platform Security guide are:
- Car keys security in iOS
- IPv6 security
- LocalPolicy signing-key creation and management
- Contents of a LocalPolicy file for a Mac with Apple Silicon
- Apple Security Research Device
- Password Monitoring
- Boot modes for a Mac with Apple Silicon
- Boot process for a Mac with Apple Silicon
- Memory safe iBoot implementation
- Signed system volume security in macOS
The last version to fully support kernel extensions was macOS Catalina. According to Apple, kernel extensions are no longer recommended for macOS because they pose a risk to the integrity and reliability of the operating system.
Since macOS Catalina, developers have been able to use system extensions that run in user space rather than at the kernel level. To increase the stability and security of macOS, system extensions operating in user space are granted only the privileges required to perform their specified functions. You can visit the updated Apple Platform Security guide here.