Apple is a an infamous and defensive organization, a bias that has often gone against the security search community. The company usually secrets technical details on how its products and security features work. So the resource that security researchers say has become mostly reliant on breadcrumbs is Apple’s annual Platform Security Guide, the new edition of which was launched in the -today. It provides the most complete and technical view of Apple’s defenses yet – introducing the first version of Apple’s new M1 chips.
Apple first offered the lead a decade ago as a very short-lived version at the beginning of the iPhone era. It would then grow into an “iOS Security Guide” with a particular focus on mobile, before expanding to include macOS in 2019. It details security features such as Touch ID and Face ID, Apple’s secure enclave, and secure shoe, so that software developers and security researchers can understand more about how these features work and interact with each other . Over the years, the company says they have tried to balance reading opportunity for a wide and useful audience for those with deeper technical knowledge. This year, he’s packing in more information than ever. about features both new and old.
“I am always references that guidance, and they have been for years, ”said Sarah Edwards, Apple’s long-time security analyst. “I use it for all aspects of my research, my day job, my teaching gig, everything. About once a year or so I sit down with it on my iPad and read it page by page to see what I would have missed before or what happens to ‘click’ when I review again after learning something through my research. ”
This year’s edition includes greatly expanded information about hardware like M1, new details about the secure enclave, and an account of several software features.
Researchers and hackers alike gather a lot through background engineering, the process of determining how to build something by examining the finished product. That “security through the dark” will help keep attackers at bay to some degree, but by releasing the Platform Security Guide, Apple can help its customers to take advantage on its protective features while also providing instructions for security investigators, hoping to find previous vulnerabilities. the bad guys do.
“Everything can be turned into engineering. That’s a lot of fun, at least for me, ”said Will Strafach, a long-time iOS researcher and creator of the Guardian Firewall app for iOS. “But it’s useful to have an accurate and detailed authoritative document from Apple, as it allows people to get to know the secrets and limitations associated with certain security capabilities. Apple always does a good job with it, even if it doesn’t dive too deep into the figs. “
Researchers say they always have some “wish list” things they want Apple to include in future directions. Strafach wants to know more about how M1 chips securely handle other operating systems, always a question for jailbreakers when Apple releases new processors. And it’s well-known about Apple’s iOS 14 developments that were supposed to overlook a ubiquitous jailbreak message but can be found around in some cases.
Each researcher has unique, even esoteric, hopes and dreams for new directions based on their specialties. Patrick Wardle, Apple’s independent security analyst, said he hoped to see more details about Apple’s own anti-virus and malware detectors, something the company added in today’s report . He still hopes to gain more insight, however, on how you can control some macOS features more accurately.