Apple updates Platform Security Guide, says kernel extensions will not be supported on future Apple silicon Macs

Apple today shared an updated version of its Platform Security Guide [PDF], which provides a comprehensive overview of the latest security advances in iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7 and more.


For example, the guide contains security details about Safari’s optional password monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps an eye out for stored passwords that may have been involved in a data breach. Apple also outlines the security of its new digital car key feature on the iPhone and Apple Watch.

Apple has updated its “Commitment to Security” preface, pointing out the security benefits of Apple-designed chips on the iPhone, iPad, Apple Watch and Mac:

Apple continues to push the boundaries of what is possible in security and privacy. This year, Apple devices with Apple SoCs across the entire product range, from Apple Watch to iPhone and iPad, and now Mac, use custom silicon to drive not only efficient computing but also security. Apple silicon forms the basis for secure startup, Touch ID and Face ID, and data protection, as well as system integrity features that have never appeared before on the Mac, including kernel integrity protection, pointer verification codes and quick permission restrictions. These integrity features help to prevent common attack techniques that target memory, manipulate instructions, and use JavaScript on the Internet. They combine to ensure that even if attacker code is executed in some way, the damage it can inflict is dramatically reduced.

New sections have been added for Macs with Apple silicon, outlining the security of the boot process, boot modes, the boot disk, the Rosetta 2 translation process for running Intel-based Mac applications, FileVault, Activation Lock and more.

As expected, the guide confirms that kernel extensions will not be supported on future Macs with Apple silicon (emphasis ours):

In addition to allowing users to run older versions of macOS, Reduced Security is also needed for other actions that could compromise the user’s system security, such as configuring third-party kexts. Kexts have the same privileges as the kernel, and therefore any vulnerabilities in third-party kexts may result in full exploitation of the operating system. This is why developers are strongly encouraged to adopt system extensions before macOS kext support is removed for future Apple silicon Macs.

macOS Catalina was the last version of macOS to fully support kernel extensions. Apple says kernel extensions are no longer recommended for macOS, noting that they pose a risk to the integrity and reliability of the operating system.

Starting with macOS Catalina, developers could use system extensions, which run in user space rather than at the kernel level. System extensions running in user space, according to Apple, are granted only the privileges needed to perform their specified function, which increases the stability and security of macOS.

Apple includes a document revision history section in the Platform Security Guide with a list of all new and updated information.

Apple also has a new center for security certification and compliance.