Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Apple Boosts Security in iOS 12, macOS Mojave

At its Worldwide Developers Conference (WWDC) 2018 this week, Apple shared information on the security improvements that iOS 12 and macOS Mojave are set to bring when they arrive this fall.

At its Worldwide Developers Conference (WWDC) 2018 this week, Apple shared information on the security improvements that iOS 12 and macOS Mojave are set to bring when they arrive this fall.

While previewing the next platform iterations at the event, Apple revealed features that will change the overall user experience on both mobile and desktop devices, but also presented enhancements that should improve the overall privacy and security of its users.

One of the main changes impacts the Safari browser on both iOS and macOS, which will soon deliver improved Intelligent Tracking Prevention capabilities, preventing social media buttons (such as “Like” and “Share”) from tracking users without permission.

“Safari now also presents simplified system information when users browse the web, preventing them from being tracked based on their system configuration,” the iPhone maker says.

Other features the company previewed for the upcoming platform iterations include end-to-end encryption for Facetime group calls and password managers integrated into macOS and iOS, to help users employ stronger passwords, store them securely, and automatically enter them when needed.

“Safari now also automatically creates, autofills and stores strong passwords when users create new online accounts and flags reused passwords so users can change them,” Apple said.

On macOS Mojave, new data protections will require applications to ask for user permission before using the camera and microphone or before accessing personal data such as mail history and messages database, the tech giant also says. This should prevent malicious software from spying on users.

To further strengthen user privacy, Apple also appears set to roll out a USB Restricted Mode in iOS 12, a feature that was initially noticed in iOS 11.3 beta, but later removed, only to be introduced in iOS 11.4 beta again.

Advertisement. Scroll to continue reading.

With this new feature, an iPhone connected via USB to a computer (or to an USB accessory) will ask for the passcode every week, or it will lock down the Lightning port in charge only mode, thus preventing access to the data.

“To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via lightning connector to the device while unlocked—or enter your device passcode while
connected—at least once a week,” Apple described the feature in iOS 11.3 beta.

As ElcomSoft’s Oleg Afonin pointed out last month, this means that law enforcement agencies attempting to retrieve data from a suspect’s iPhone will only have a small window of opportunity before the device locks down. The same applies to thieves and anyone else targeting that data.

The new feature appears as a reaction to a clash with the FBI a couple of years ago over the unlocking of the San Bernardino shooter’s iPhone. The legal battle eventually sparked a debate between supporters of backdoors in user products to facilitate criminal and national security investigations, and those who want data to be properly protected.

Later this month, as part of iOS 12 public beta, users will also take advantage of increased control over notifications, and will get detailed information on the time spent on the phone, courtesy of a new Screen Time feature. There’s also an App Limits feature to limit the time spent in an app, which gives parents more control over their children’s use of a mobile device.

Related: Apple Touts Privacy Features of New Operating Systems

Related: Apple Patches Dozens of Flaws in macOS, iOS, Safari

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...