Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Apple Releases Security Guide for iOS

Apple has released a document that examines the security technology and features implemented within iOS, the platform that operates the consumer market’s most successful line of mobile devices. While none of the information is new or unknown, the guide is noteworthy, if only because it offers an official basic list of best practices to organizations wishing to deploy Apple devices.

Apple has released a document that examines the security technology and features implemented within iOS, the platform that operates the consumer market’s most successful line of mobile devices. While none of the information is new or unknown, the guide is noteworthy, if only because it offers an official basic list of best practices to organizations wishing to deploy Apple devices.

Apple isn’t known for discussing their security, so the guide released this week is a rarity. While the information within the guide itself isn’t new, it represents official conformation of the data that the security community has worked to develop and define over the years. It also offers a set of recommendations, what the guide calls key elements, which organizations should understand when evaluating or deploying iOS-based devices on their networks.

At the same time, Apple seems to dismiss the notion that such a guide is even needed.

“Apple designed the iOS platform with security at its core,” the guide explains. “The combination of required code signing, sandboxing, and entitlements in apps provides solid protection against viruses, malware, and other exploits that compromise the security of other platforms. The App Store submission process works to further protect users from these risks by reviewing every app before it’s made available for sale.”

The guide examines the various elements of the iOS platform, including the architecture (i.e. how the secure platform and hardware intermingle to offer one layer of security), as well as encryption and data protection, network security, and device access.

Android and iOS Usage in Enterprise

The key to deploying iOS within the corporate environment however, as explained by Apple, is to ensure that the security features within iOS align with IT and security policies and requirements.  

While it may seem like Apple doesn’t feel a document of this type is needed, based on their statements and the fact it was published without fanfare, clearly they understand the value of layered security and the needs of their corporate clients. Thus, they have released official guidance and documentation.

Advertisement. Scroll to continue reading.

Given the popularity of iOS, and the need to get a handle on mobile device management, the guide is worth reading, especially if mobile security is a mission critical requirement.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.