Apple is a a notoriously close and insular organization, a trend that has often contradicted the security research community. The company is usually secretive about the technical details of how its products work and its security features. So, the resource that security researchers say they relied most on for bread crumbs is Apple’s annual Security Guide, the new edition of which was released today. It offers the most comprehensive and technical look of Apple’s warranty to date – including the first documentation of the new Apple M1 chips.
Apple first offered the guide a decade ago as a very short write-up at the dawn of the iPhone era. Subsequently, it will evolve into an “iOS Security Guide” focused exclusively on mobile devices, before expanding to include macOS in 2019. Details of security features such as Touch ID and Face ID, Apple secure enclave and secure boot , so that software developers and security researchers can understand more about how those functions work and interact with each other. Over the years, the company says it has tried to balance readability for a wide audience with usefulness for those with deeper technical knowledge. This year, it includes more information than ever. about both new and old features.
“I am constant referring to this guide and they have been for years, ”says Sarah Edwards, a longtime Apple security researcher. “I use it for all aspects of my research, for my daily work, for the teaching concert, for anything. About once a year I sit with him on my iPad and read him page by page to see what I missed before or what happens to “click” when I see him again after learning something through my research. ”
This year’s edition contains significantly extensive information about hardware such as the M1, new details about the secure enclave and a record of a number of software features.
Researchers and hackers collect both reverse engineering, the process of determining how something is built by examining the finished product. This “security through obscurity” helps keep attackers at bay to some extent, but by launching the platform’s Security Guide, Apple can help its customers take advantage of its defensive features while providing guidance for security researchers. hoping they can find vulnerabilities before the bad guys do.
“Everything can be reversed. It’s a lot of fun, at least for me, ”says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall for iOS. “But it’s useful to have a detailed and well-detailed authorized document from Apple, because it allows people to know the intentions and limitations associated with certain security capabilities. Apple always does a great job with it, even if it doesn’t sink too deep into the weeds. “
Researchers say they always have a few “wish lists” that Apple wants to include in future guides. Strafach wants to know more about how M1 chips safely handle the startup of other operating systems, always a question for jailbreakers when Apple launches new processors. And he’s curious about Apple’s iOS 14 enhancements, which were meant to cancel a ubiquitous exploitation of the jailbreak, but which can be bypassed in some cases.
Each researcher has specific hopes and dreams, even esoteric ones, for new guides based on their specialties. Patrick Wardle, an independent Apple security researcher, said he hoped to see more details about Apple’s own antivirus and malware detection tools, the company added in today’s report. However, he hopes to get more information on how to control several macOS features.