Apple today shared an updated version of its Platform Security Guide [PDF], providing an overview of the latest security advances in iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7 and more.
For example, the guide provides security details about Safari’s optional password monitoring feature in iOS 14 and macOS Big Sur, which automatically checks whether saved passwords may have been involved in a data breach. Apple also describes the security of the new car digital key feature on the iPhone and Apple Watch.
Apple has updated its “security commitment” preamble and highlights the security benefits of Apple-designed chips for the iPhone, iPad, Apple Watch and Mac:
Apple continues to push the boundaries of what’s possible in security and privacy. This year, Apple devices with Apple’s SoC across the full range of products, from Apple Watch to iPhone and iPad, and now Mac, use custom silicon to provide not only efficient computing, but also security. Apple silicon forms the basis for secure boot, Touch ID and Face ID and data protection, as well as system integrity features never before introduced on the Mac, including kernel integrity protection, pointer authentication codes and quick permission restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions and use JavaScript on the web. They combine to make sure that even if attack code is executed in some way, the damage it can do is drastically reduced.
New sections have been added for Apple silicon Macs, describing the security of the boot process, boot modes, the boot disk, the Rosetta 2 translation process for running Intel-based Mac applications, FileVault, Activation Lock and more.
As expected, the guide confirms that kernel extensions will not be supported on future Macs with Apple Silicon (our emphasis):
In addition to allowing users to run earlier versions of macOS, security needs to be reduced for other actions that could jeopardize a user’s system security, such as introducing third-party kernel extensions (kexts). Kexts have the same privileges as the kernel, and therefore any vulnerability in third-party kexts can lead to a total compromise of the operating system. Therefore, it is recommended that developers adopt system extensions before kext support is removed from macOS for future Apple silicon Mac computers.
macOS Catalina was the last version of macOS to fully support kernel extensions. Apple says kernel extensions are no longer recommended for macOS, noting that they pose a risk to operating system integrity and reliability.
Starting with macOS Catalina, developers have been able to use system extensions, which run in user space instead of at the kernel level. System extensions running in user space are granted only the privileges necessary to perform their specified function, which, according to Apple, improves the stability and security of macOS.
Apple includes a document revision history section in the Platform Security Guide that lists all new and updated information.
Apple also has a new certification and security compliance center.