Apple publishes iOS security guide
Apple has a reputation for being extremely reticent when it comes to discussing security in public – so much so that most of the security features their devices sport have been discovered by researchers via reverse-engineering.
Consequently, the news that the Cupertino-based giant has actually published an iOS security guide that details these features will surely surprise many.
Released last month, the guide explains the operating system’s architecture, encryption, data protection, network security, and device access features, and finally confirms that iOS uses address space layout randomization to thwart malware and exploits.
It also explains the layered approach to security it implements, which includes sandboxing, code signing and entitlements in apps.
“Many security features are enabled by default, so IT departments don’t need to perform extensive configurations. And some key features, like device encryption, are not configurable, so users cannot disable them by mistake. For organizations considering the security of iOS devices, it is helpful to understand how the built-in security features work together to provide a secure mobile computing platform.” it is pointed out in the guide.
Also, as noted by researcher Charlie Miller, the guide was published in the “enterprise” side of Apple’s site.
Taking all this into consideration, it seems likely that this highly unusual step was made in order to reassure enterprises that Apple’s devices are a great fit for their businesses.
Or perhaps the recent incident with the Flashback malware and Apple’s poor reaction to the situation has made the company reconsider their tight-lipped approach to informing its customers about possible dangers and security issues that might affect them.