Apple this week updated its Platform Security guide, which contains in-depth technical information on security features implemented in its products. First released in 2015, the latest update adds six new topics, including first-ever details on BlastDoor 0-click protection and App Store security.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Apple has long touted its hardware, software, and services are designed in tandem for maximum security and transparency. Of course, nothing is one hundred percent secure, as we witnessed with the discovery of the Operation Triangulation 0-click iMessage spyware campaign in 2023.
In the midst of the exploit, Samuel Groß, a security researcher working with Google’s Project Zero discovered a hidden iMessage security system in iOS 14.3 called BlastDoor while reverse engineering an iPhone XS. He found that the feature acted as a sandbox that securely processed incoming messages in an isolated environment, checking for malware before presenting them to the user.
This was presumably Apple’s first response to the increase in iMessage exploit activity; years before the release of Lockdown Mode, which was primarily designed for high-profile individuals. However, BlastDoor went without documentation or acknowledgment for years…until this week.
Apple also shared some information about the security measures in place in the App Store. This comes as alternative app stores, which are considered less safe by Apple, are now permitted on iPhones in the EU. It seems that Apple wants to reassure users about the safety and reliability of the App Store. However, I think the reality may be slightly grimmer than what Apple portrays. There has been a growing concern about the App Store’s approval process as it continues to allow privacy-invasive and sometimes malicious apps, such as crypto wallets or GPT clones.
2024 Apple Platform Security guide
The latest Apple Platform Security guide update details some of the changes the company has implemented in the past two years.
“This documentation provides details about how security technology and features are implemented within Apple platforms. It also helps organizations combine Apple platform security technology and features with their own policies and procedures to meet their specific security needs,” says Apple.
New topics added to the Apple Platform Security guide this year:
Cryptex1 Image4 Manifest Hash (spih)
Cryptex1 Generation (stng)
BlastDoor for Messages and IDS
Lockdown Mode security
About App Store security
WidgetKit security
Topics that have been updated:
Introduction to Apple platform security
Apple SoC security
Secure Enclave
Face ID, Touch ID, passcodes, and passwords
Facial matching security
Uses for Face ID and Touch ID
Express Cards with power reserve
Operating system integrity
Activating data connections securely
Verifying accessories for iPhone and iPad
System security for watchOS
Passcodes and passwords
Data Protection overview
Keybags for Data Protection
Protecting keys in alternate boot modes
Protecting user data in the face of attack
Managing FileVault in macOS
Intro to app security for iOS and iPadOS
Gatekeeper and runtime protection in macOS
Managed Apple ID security
iCloud encryption
Account recovery contact security
Legacy Contact security
iCloud Keychain security overview
Secure keychain syncing
Escrow security for iCloud Keychain
Card provisioning security overview
Adding credit or debit cards to Apple Pay
Paying with cards using Apple Pay
Apple Card security
Tap to Pay on iPhone security
Access using Apple Wallet
Access key types
IDs in Apple Wallet
Security of IDs in Apple Wallet
Developer kit security overview
HomeKit communication security
Mobile device management security overview
Configuration enforcement
You can download the full 265-page 2024 Apple Security Platforms guide here.
About Security Bite: Security Bite is a weekly security-focused column on 9to5Mac. Every week, Arin Waichulis delivers insights on data privacy, uncovers vulnerabilities, and sheds light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices. Stay secure, stay safe.
More in this series
Here’s what malware your Mac can detect and remove
Did Apple just declare war on Adload malware?
Cybercriminals take advantage of Apple Store Online’s third-party pickup
Annual cost of cybercrime to hit $9.2 trillion in 2024
Follow Arin: Twitter/X, LinkedIn, Threads
FTC: We use income earning auto affiliate links. More.
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : 9to5Mac – https://9to5mac.com/2024/05/10/security-bite-apple-updates-platform-security-guide-with-first-ever-details-on-app-store-security-blastdoor-more/
