The refreshed security round-up highlights Mac M1 architecture defenses, tweaks in biometrics, safe app usage practices, and more.
The 196-page whitepaper offers a deep dive into the security of all platforms under Apple’s umbrella, including macOS and iOS. Aside from the software side of things, it covers hardware security, encryption and data protection, biometrics, as well as services security. Separate sections are dedicated to defense mechanisms baked into the new A14 Bionic and Mac M1 chips. An overarching focus here is on the independent functioning of components that form the general platform security logic. Let’s go over some of the prominent ideas and conceptual novelties laid out in this guide.
A glimpse of M1 security principles
According to the report, the debut of Apple Silicon allows Macs to support a level of security similar to what is hard-coded into iOS devices. In other words, features like Kernel Integrity Protection, Fast Permission Restrictions, System Coprocessor Integrity Protection, and Pointer Authentication Codes are becoming a part of the Mac paradigm.
The only iOS defense-related capability that will be missing in the M1 architecture is Page Protection Layer. The reason is that it relies on the execution of signed and trusted code only, which can’t be implemented in the macOS ecosystem. One more thing that sets the M1 framework apart from its Intel counterpart is that the security policies work separately for each instance of macOS installed on a computer.
A significant change in this context concerns how the Secure Neural Engine, an underlying element of the Face ID feature, operates in the M1 and A14 paradigm. Whereas it was previously embedded in the Secure Enclave, it is now implemented as a secure mode in the processor’s Neural Engine. The addition of a hardware security controller allows for switching between tasks performed by the Secure Enclave and Application Processor. This way, the Neural Engine’s state is reset after every authentication instance so that biometric data stays intact.
App security enhancements
Apple continues to maintain robust control of what code can be executed on its devices. For instance, when a user downloads and installs software onto their Mac from outside the official App Store, Gatekeeper will block this attempt unless the application has passed notarization checks and contains no signs of malware.
While sticking with this principle, the company is introducing a few changes. The Shortcuts app gets a security boost: custom shortcuts that the user downloads from the Internet are scrutinized for malicious properties at runtime. Also, the Notes app now comes with a Secure Notes feature that applies end-to-end encryption to specific items and requires a passphrase to view them.
This is just a brief overview of what the new Platform Security roadmap covers. Consider reading Apple’s report to explore all the tweaks in depth.