Apple update platform security guidelines: Apple Silicon Mac will not support kernel-Apple Mac accessories

MacRumor reports thatApple recently revised a new version of its Platform Security Guide, which provides a comprehensive overview of the latest security features for platforms such as iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, and watchOS 7.For example, the document mentions the optional password monitoring feature for Safari on iOS 14 and macOS Big Sur.

being able to:

Alibaba Cloud event theme “Warm Cloud” – 30 million subsidies help SMEs break through the cold winter

being able to:

Apple Online Store (China) – Mac

(Image via Mac rumors

As the name suggests, this security feature can automatically monitor exposed data breaches and give timely warnings when analyzing potential leaks of saved user passwords.

Additionally, Apple explains Iphone / Apple Watch takes care of the digital car key function,In the foreground, the company’s “security commitment” has been updated, clarifying the security benefits of its chip designs on various platforms:

Apple continues to break the boundaries of security and privacy. For example, this year, devices using the Apple SoC cover everything from Apple Watch smartwatches to iPhones / smartphones. IPAD Complete product line for Tablets and Macs.

Dedicated chips not only provide efficient computing support but also provide more comprehensive security support. Apple’s self-developed chips lay the foundation for secure booting, Touch ID / Face ID, data protection, and unprecedented system integration features on the Mac (including kernel integrity protection / pointer authentication code / quick permission restrictions, etc.).

These integration features help prevent common attacks against memory, operating instructions, and use of JavaScript on the network. Combining them together can also ensure that even if the attacker’s code can be executed in a certain way, the damage it could cause can be greatly reduced.

Screen capture (from:Apple Support

For Apple Silicon Mac, the document outlines the platform boot process, boot mode, disk startup, Rosetta 2 switching process for Intel Mac applications, secure FileVault, Activation Lock, and other security features.

As expected, the new instructions confirm that future Apple Silicon Macs will not support kernel extensions:

In addition to enabling users to run the older version of macOS, it also requires reducing security and performing other operations that might threaten the security of the user’s system, such as introducing third-party kernel extensions (kexts).

Kexts have the same privileges as the kernel, so any third-party kexts vulnerabilities could cause complete OS corruption.

This is also an important reason why we highly recommend that developers adopt system extensions, then remove kext support from macOS to better support the future of Apple Silicon Mac.

Document screenshot (PDF outlet

MacOS Catalina is reported to be the latest version that fully supports kernel extensions. Since Apple no longer recommends the use of kernel extensions, subsequent users can be expected to make further improvements in the integrity and reliability of the operating system.

Additionally, starting with macOS Catalina, developers have been able to run system extensions in user space (rather than at the kernel level).

Apple indicated that this step could give system extensions some of the privileges required to perform specific tasks, thereby enhancing macOS ‘stability and security.

Finally, we saw all the new content and change information in the Document History Review section of the Platform Security Guide, and we learned that Apple also has a new Security Compliance and Certification Center.

Related articles:

Apple shares how the M1 Mac chip introduced several security technologies to the iPhone

See also  This is the deadline for Google Play Music users .. or all data gets deleted .. | Transfer Google Play Music data to YouTube Music before deleting it completely on February 24th

Leave a Reply

Your email address will not be published. Required fields are marked *