Apple Updates Platform Security Guide, Says Kernel Extensions Won’t Be Supported on Future Apple Silicon Macs



Apple today shared an updated version of its platform security guide [PDF], providing a comprehensive overview of the latest security advancements on iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7, and more.


For example, the guide provides security details on Safari’s optional password monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps tabs on any saved passwords that may have been involved in a data breach. Apple also describes the security of its new digital car keys feature on the iPhone and Apple Watch.

Apple has updated its “Security Commitment” preamble, touting the security benefits of Apple-designed chips on the iPhone, iPad, Apple Watch, and Mac:

Apple continues to push the boundaries of what’s possible when it comes to security and privacy. This year, Apple devices with Apple SoCs across the entire product line, from Apple Watch to iPhone and iPad, and now Macs, use custom silicon to power not only efficient calculations, but also security. Apple silicon is the foundation for Secure Boot, Touch ID and Face ID, and data protection, along with system integrity features never before seen on the Mac, including kernel integrity protection, Pointer Authentication Codes, and Quick Authorization Restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use JavaScript on the web. They combine to ensure that even if the attacker’s code somehow executes, the damage it can cause is drastically reduced.

New sections have been added for Macs with Apple silicon, describing boot process security, boot modes, the boot disk, the Rosetta 2 translation process for running Intel-based Mac applications, FileVault, Activation Lock, and more.

As expected, the guide confirms that kernel extensions will not be supported on future Macs with Apple silicon (emphasis added):

In addition to allowing users to run older versions of macOS, reduced security is required for other actions that can endanger the security of a user’s system, such as the introduction of third-party kernel extensions (kexts). Kexts have the same privileges as the kernel, and therefore any vulnerability in third-party kexts can lead to a complete compromise of the operating system. Therefore, developers are strongly encouraged to adopt system extensions before kext support is removed from macOS for future Mac computers with Apple silicon.

macOS Catalina was the last version of macOS to fully support kernel extensions. Apple claims that kernel extensions are no longer recommended for macOS, noting that they pose a risk to the integrity and reliability of the operating system.

Starting with macOS Catalina, developers were able to use system extensions that run in userspace rather than at the kernel level. System extensions running in user space are only given the privileges necessary to perform their specified function, which increases the stability and security of macOS, according to Apple.

Apple includes a Document Revision History section in the Platform Security Guide with a list of all new and updated information.

Apple also has a new security certification and compliance center.
