[ad_1]
Apple is a notoriously low-key and insular organization, a trend that has often put it at odds with the security research community. The company is generally secretive about the technical details of how its products work and security features. So the resource security researchers say they rely on the most for breadcrumbs is Apple’s Annual Platform Security Guide, the new edition of which launched today. It provides the most comprehensive and technical look at Apple’s protections to date, including the first documentation of Apple’s new M1 chips.
Apple first offered the guide ten years ago as a very short article at the dawn of the iPhone era. It would later evolve into an “iOS Security Guide” focused exclusively on mobile, before expanding to macOS in 2019. It details security features such as Touch ID and Face ID, Apple’s secure enclave. and secure boot, so that software developers and security researchers can better understand how these features work and interact with each other. Over the years, the company claims to have tried to balance readability for a large audience with utility for those with more technical knowledge. This year, it contains more information than ever about new and old features.
“I am constantly referring to this guide, and has been for years, ”says Sarah Edwards, longtime security researcher at Apple. “I use it for all aspects of my research, my daily job, my teaching job, everything. About once a year I sit with him on my iPad and read it page by page to see what I may have missed before or what happens when I see him again after learning something from my research. . “
This year’s edition contains significantly expanded information on hardware like M1, new details about the secure enclave, and accounting for a host of software features.
Researchers and hackers glean a lot through reverse engineering, the process of determining how something is built by looking at the finished product. This “security through obscurity” helps keep attackers at bay to some extent, but by releasing the Platform’s Security Guide, Apple can help customers take advantage of its defensive features while providing benchmarks. to security researchers, in the hope that they can find vulnerabilities before the bad guys do.
“Everything can be retro-designed. It’s a lot of fun, at least for me, ”says Will Strafach, longtime iOS researcher and creator of the Guardian Firewall app for iOS. “But having an authoritative and detailed document from Apple is helpful because it lets people know the intentions and limitations associated with certain security capabilities. Apple still does a great job with it, even if it doesn’t dive too deep into the weeds. “
Researchers say they still have “wishlist” items they want Apple to include in future guides. Strafach wants to know more about how M1 chips safely handle the booting of other operating systems, always a question for jailbreakers when Apple releases new processors. And he’s curious about Apple’s improvements to iOS 14 that aimed to undo a ubiquitous jailbreak exploit but can be bypassed in some cases.
Researchers each have specific, even esoteric, hopes and dreams of new guides based on their specialties. Patrick Wardle, an independent Apple security researcher, said he hoped to see more details on Apple’s own antivirus and malware detection tools, which the company added in today’s report. He is still hoping to have more information on how to more granularly control certain features of macOS.
[ad_2]
Source link