Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Apple Platform Security Guide Updated With Details on Authentication Features

Apple Platform Security Guide updated

Apple this week updated its Platform Security Guide to provide more details on a couple of recently announced authentication features.

Apple Platform Security Guide updated

Apple this week updated its Platform Security Guide to provide more details on a couple of recently announced authentication features.

Apple’s Platform Security Guide contains detailed technical information on the security technologies and features implemented in its products. The first guide was released in 2015, but it only covered the iOS operating system. In its current form, the guide also provides information on macOS and hardware.

The May 2021 update to the Platform Security Guide focuses on two topics: Touch ID on the iMac’s Magic Keyboard, and the iPhone unlock with Apple Watch feature in iOS 14.5. Both these authentication features were announced by Apple in April.

In the case of Touch ID on the Magic Keyboard, the security guide update specifies how the secure channel is established between the Magic Keyboard with Touch ID and the Secure Enclave in iMac with M1 chips.

As for the iPhone unlock with Apple Watch feature in iOS 14.5, the guide provides more details on the cryptography behind the feature, as well as more information on the security parameters that govern its use.

In February, Apple announced the biggest update ever to its Platform Security Guide — the company added nearly 50 pages to the document compared to the previous version.

Related: Apple Patches Under-Attack iOS Zero-Day

Related: Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip

Advertisement. Scroll to continue reading.

Related: Researchers Abuse Apple’s Find My Network for Data Upload

Related: Apple Patches macOS Security Bypass Vulnerability Exploited by ‘Shlayer’ Malware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Funding/M&A

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.