Apple details major security, privacy enhancements in its devices
Security and privacy are a big selling point for Apple. On Thursday, the company released a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of.
New features on M1-powered devices
Before delving deeper into the new and improved features, it has to be mentioned that, in late 2020, Apple unveiled the first lineup of computers with M1, a new chip built in-house that is meant to power all of its computers in the future.
The M1 chip is supposed to speed up Macs and improve their performance, but according to the updated Platform Security Guide, there are new security protections built deep into M1’s code execution architecture.
A Mac with Apple silicon has several boot modes: macOS, recoveryOS, fallback recoveryOS, and safe mode.
Its boot process is similar to that of the iPhone and iPad: it verifies the OS code, the security policies, and kexts (kernel extensions). Deprecation of kexts started with macOS Catalina, and support for them will soon be removed altogether.
For Macs with Apple silicon, the control of the LocalPolicy file, which describes the configuration that the user has chosen for the system boot and runtime security policies, has been transferred to an application running in the Secure Enclave – to prevent malware from downgrading security policy controls in order to gain more privileges.
Finally, different security policies on a Mac with Apple silicon can be set for each installed operating system, and malware won’t be able to downgrade (without explicit user action) a security setting to make the system easier to compromise.
Other changes
Other changes already incorporated in the latest OS updates include:
- A read-only, dedicated, isolated volume for system content, signed with a cryptographic signature from Apple, to make it safer
- A more secure iBoot bootloader for iOS and iPadOS, to prevent memory- and type-safety issues that are typical for C programs
- An (optional) password monitoring feature to warn users when passwords stored in their Password AutoFill keychain have been exposed in known data leaks
- Security and privacy protection for users who use their iPhones and Apple Watches as their digital car keys
For details about more security and privacy improvements, check out the document revision history of the Guide.
Apple has also set up a new Security Certifications and Compliance Center, and has provided more info about the Apple Security Research Device – special iPhones provided to researchers to probe the security of the OS.