Apple today shared an updated version of its Platform Security Guide [PDF], providing a comprehensive overview of the latest security advances in iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7 and more.
For example, the guide provides security details about Safari’s optional password monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps an eye out for any saved passwords that may be involved in a data breach. Apple also describes the security of its new digital car key feature on the iPhone and Apple Watch.
Apple updated its “security commitment” preamble, publicizing the security advantages of chips designed by Apple on the iPhone, iPad, Apple Watch and Mac:
Apple continues to push the boundaries of what’s possible in security and privacy. This year, Apple devices with Apple SoCs across the entire Apple Watch product line to the iPhone and iPad, and now Mac, use custom silicon to provide not only efficient computing, but also security. Apple silicon forms the basis for secure boot, Touch ID and Face ID and data protection, as well as system integrity features never before presented on the Mac, including Kernel Integrity Protection, Pointer Authentication Codes and Fast Permission Restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use JavaScript on the web. They combine to help ensure that even if the attacker’s code is executed in some way, the damage it can cause is drastically reduced.
New sections have been added for Macs with Apple silicon, describing the security of the boot process, boot modes, the boot disk, the Rosetta 2 translation process for running Intel-based Mac applications, FileVault, Activation Lock and more.
As expected, the guide confirms that kernel extensions will not be supported on future Macs with Apple silicon (emphasis added):
In addition to allowing users to run older versions of macOS, Reduced Security is necessary for other actions that could jeopardize the security of the user’s system, such as the introduction of third-party kernel extensions (kexts). Kexts have the same privileges as the kernel and, therefore, any vulnerability in third-party kexts can lead to total compromise of the operating system. That’s why developers are strongly encouraged to adopt system extensions before kext support is removed from macOS for future Mac computers with Apple silicon.
macOS Catalina was the last version of macOS with full support for kernel extensions. Apple says that kernel extensions are no longer recommended for macOS, noting that they pose a risk to the integrity and reliability of the operating system.
Starting with macOS Catalina, developers have been able to use system extensions, which run in user space rather than at the kernel level. A system extension running in user space is granted only the privileges necessary to perform its specified function, which increases the stability and security of macOS, according to Apple.
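For an administrator preparing a fleet for the kext removal described above, the practical check is an inventory: which loaded kernel extensions are not Apple's own, and which system extensions are already active in user space. The script below is an added example written for this article and is not part of Apple's guide; it parses the column layout of `kextstat` and the tab-separated output of `systemextensionsctl list`, and the sample outputs, bundle identifiers and team IDs embedded in it are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example (not from Apple's Platform Security Guide or this article).
# Reports third-party kexts still loaded and system extensions already active,
# which is the migration inventory an admin needs before Apple silicon Macs drop kexts.

# Constructed sample of `kextstat` output (columns: Index Refs Address Size Wired
# Name (Version) UUID <Linked Against>). For a live check pass "$(kextstat)" instead.
SAMPLE_KEXTSTAT='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  150 0xffffff7f80a00000 0x7000     0x7000     com.apple.kpi.bsd (20.3.0) 11111111-2222-3333-4444-555555555555
    2   10 0xffffff7f80a07000 0x2000     0x2000     com.apple.kpi.dsep (20.3.0) 11111111-2222-3333-4444-555555555556
  142    0 0xffffff7f83c00000 0x12000    0x12000    com.example.virtualdrive (1.2.3) aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee <5 4 3 2 1>
  143    0 0xffffff7f83d00000 0x8000     0x8000     org.vendor.kernelfilter (4.0.1) aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeef <7 5 4 3 2 1>'

# Constructed sample of `systemextensionsctl list` output (tab-separated rows under
# each "--- <category>" header). For a live check pass "$(systemextensionsctl list)".
SAMPLE_SYSEXT=$(printf '2 extension(s)\n--- com.apple.system_extension.endpoint_security\nenabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n*\t*\tTEAMID0001\tcom.example.es (1.0.0/1)\tExample ES\t[activated enabled]\n--- com.apple.system_extension.network_extension\nenabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n\t\tTEAMID0002\tcom.example.ne (2.1/7)\tExample NE\t[terminated waiting to uninstall on reboot]\n')

# Print "bundle-id version" for every loaded kext outside the com.apple.* namespace.
# Field 6 is the bundle id and field 7 the parenthesised version; the header is NR 1.
third_party_kexts() {
    printf '%s\n' "$1" | awk 'NR > 1 && $6 !~ /^com\.apple\./ { gsub(/[()]/, "", $7); print $6, $7 }'
}

# Number of third-party kexts, usable as a simple pass/fail signal in a fleet script.
third_party_kext_count() {
    third_party_kexts "$1" | wc -l | tr -d ' '
}

# Print "category bundle-id" for every system extension that is both enabled and
# active (an asterisk in the first two tab-separated columns).
active_system_extensions() {
    printf '%s\n' "$1" | awk -F'\t' '
        /^---/ { category = substr($0, 5); next }
        $1 == "*" && $2 == "*" { split($4, id, " "); print category, id[1] }'
}

# Stand-alone run against the constructed samples.
echo "Third-party kexts still loaded:"
third_party_kexts "$SAMPLE_KEXTSTAT"
echo "Active system extensions:"
active_system_extensions "$SAMPLE_SYSEXT"
```

Against the constructed samples the script lists two third-party kexts (`com.example.virtualdrive 1.2.3` and `org.vendor.kernelfilter 4.0.1`) and one active system extension; a non-zero kext count on an Apple silicon Mac is the list of drivers that still need a user-space replacement.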
Apple includes a document revision history section in the Platform Security Guide with a list of all new and updated information.
Apple also has a new Security Certifications and Compliance Center.