Apple releases iOS security guide

Powered by SC Magazine
 

Technical specifications revealed.

Apple has released an 18-page iOS security guide, releasing details of its products' security features for the first time.

The guide, released in mid-May, and covers system architecture, encryption, data protection and network security for devices running on iOS, which includes the iPhone, iPad and iPod Touch (pdf).

Although a majority of the features discussed in the report have been uncovered by researchers through reverse engineering, one notable topic covered by the document is the multiple security layers implemented into each iOS device.

“The combination of required code signing, sandboxing and entitlements in apps provides solid protection against viruses, malware and other exploits that compromise the security of other platforms,” states the manual.

Additionally, the report includes insight into the mobile operating system's use of address space layout randomisation (ASLR), a feature designed to mitigate exploits and stifle saboteurs from corrupting a device's memory with malware.

ASLR was previously assumed to be in use by researchers, but the topic was never publicly discussed by Apple.

“Built-in apps use ASLR to ensure that all memory regions are random­ised upon launch,” the security report stated.

"Additionally, system shared library locations are randomised at each device startup."

Although Apple has primarily played its cards close to its chest when it comes to security, the information in the guide could signify a shift in its communication with the public.

Charles Miller, principal research consultant at Accuvant Labs, believes the company may be more concerned with its “acceptance in the enterprise market.”

“[The guide] is located on the enterprise portion of the website,” Miller told iTnews' sister publication, SC Magazine.

While the guide is a sign that Apple is coming out of its security shell, Miller says that this shouldn't be seen as a new stance on the topic.

“I've thought that a few times…and have been proven wrong, so from now on I need more convincing before I say that again.”

A spokesperson for Apple was not available for comment.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Apple releases iOS security guide
Tags
 
 
 
Top Stories
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
Amazon forced to reboot EC2 to patch Xen bug
Rolling restarts over next week.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  66%
 
Advanced persistent threats
  4%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1371

Vote