Apple Publishes New Platform Security Guide

Apple Publishes New Platform Security Guide

Apple on Friday published its new Apple Platform Security Guide, which offers users details about the security technology and features that are implemented within Apple device platforms. The new security guide include sections on Mac for the first time ever.

The documentation has been updated with information about change in iOS 13.3, iPadOS 13.3, macOS 10.15.2, tvOS 13.3, and watchOS 6.1.1. The Security site also includes information about hardware and services, offering comprehensive information in a readable format. Topics include:

  • Hardware Security – Secure software requires a foundation of security built into hardware. That’s why Apple devices—running iOS, iPadOS, macOS, tvOS, or watchOS—have security capabilities designed into silicon.
  • System Security: Building on the unique capabilities of Apple hardware, system security is designed to maximize the security of the operating systems on Apple devices without compromising usability. System security encompasses the boot-up process, software updates, and the ongoing operation of the OS.
  • Encryption and Data Protection: Apple devices have encryption features to safeguard user data and enable remote wipe in the case of device theft or loss.
  • App Security: Apple provides layers of protection to ensure that apps are free of known malware and haven’t been tampered with. Additional protections enforce that access from apps to user data is carefully mediated.
  • Services Security: Apple has built a robust set of services to help users get even more utility and productivity out of their devices. These services include Apple ID, iCloud, Sign in with Apple, Apple Pay, iMessage, FaceTime, and Find My.
  • Network Security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
  • Developer Kits: Frameworks for secure and private management of home and health, as well as extension of Apple device and service capabilities to third-party apps.
  • Secure Device Management: Methods that allow management of Apple devices, prevent unauthorized use, and enable remote wipe if a device is lost or stolen.
  • Security Certifications and Programs: Information on ISO certifications, Cryptographic validation, Common Criteria Certification, and the Commercial Solutions for Classified (CSfC) Program.

Users can browse the site via a Table of Contents at the top of the page, or can view a PDF of the information.

As promised back in August, the Apple bug bounty program is now open to all. The initiative had been invitation-only. Now, any security researcher who finds bugs in iOS, macOS, tvOS, watchOS, or iCloud will be eligible to receive a cash payout for disclosing the vulnerability to Apple.