Apple released its 2021 Platform Security guide, Thursday, outlining its current and year-ahead agenda for its device hardware, software and silicon security.
This year’s 192-page report is beefed-up, compared to past reports, with a wealth of new insights into how Apple is tackling security and privacy within its entire mobile, desktop and cloud ecosystem. Previous Platform Security updates have taken a piecemeal approach to address Apple’s security universe, said Rich Mogull, analyst and CEO with Securosis.
“This is the most comprehensive platform security update we have ever seen from Apple,” he told Threatpost.
Top 2021 Apple Platform Security report themes include what Apple’s M1 silicon means for Mac security; the latest developments around its Blast Door security technology used in iMessages; and transparency around Secure Enclave – a dedicated secure subsystem integrated into Apple systems-on-a-chip (SoC).
“This [2021 Platform Security guide] provides details about how security technology and features are implemented within Apple platforms. It also helps organizations combine Apple platform security technology and features with their own policies and procedures to meet their specific security needs,” wrote Apple.
As for Apple’s M1 silicon security, the platform report debuts just as reports surface that malware authors are specifically targeting Apple’s new M1 SoC.
For Blast Door, Google’s Project Zero first highlighted the technology last month when examining iOS 14 and iMessage security.
“One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed ‘BlastDoor’ service which is now responsible for almost all parsing of untrusted data in iMessages (for example, NSKeyedArchiver payloads). Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base,” wrote Google Project Zero in late January.
2021 Apple Platform Security Highlights Include:
- Memory safe iBoot implementation
- Boot process for a Mac with Apple silicon
- Boot modes for a Mac with Apple silicon
- Startup Disk security policy control for a Mac with Apple silicon
- Local Policy signing-key creation and management
- Password Monitoring
- IPv6 security
- Car keys security in iOS
Most of what is included in the report has been previously announced or leaked – with the exception of details around Apple’s Security Research Device.
The Apple Security Research Device is a specially fused iPhone that allows security researchers to perform research on iOS without having to defeat or disable the platform security features of iPhone, according to Apple. “With this device, a researcher can side-load content that runs with platform-equivalent permissions and thus perform research on a platform that more closely models that of production devices,” wrote Apple.
The deep dive report covers iOS 14, macOS Big Sur, Apple Silicon and iCloud Drive security. Part of today’s release also includes Security Certifications and Compliance Center website and guide. The destination is designed to allow third-party Apple customers and partners a way of assuring that Apple’s hardware, software and services meet the requirements of legislation, regulation and industry norms, according to the company.
Similar to Microsoft’s Trustworthy Computing Initiative, the Apple Platform Security report is designed to give partners, security researchers and consumers a holistic state-of-union picture of its security posture.
Is your small- to medium-sized business an easy mark for attackers?
Threatpost WEBINAR: Save your spot for “15 Cybersecurity Gaffes SMBs Make,” a FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.