iOS 16 Rolls Out With Passwordless Authentication, Spyware Protection

Apple this week started rolling out iOS 16 with several security and privacy improvements meant to keep users protected from malware, state-sponsored attackers, and abusive spouses.

The first of these features is Lockdown Mode, a capability designed to keep users protected from state-sponsored mercenary spyware.

Detailed in July, Lockdown Mode works by essentially shutting down certain device functionality, to reduce attack surface and prevent attackers from exploiting potential vulnerabilities.

Meant as an extreme form of protection for a very small number of users targeted by governments, Lockdown Mode covers messages, browsing, invitations and service requests, wired connections to computers, and mobile device management (MDM).

Lockdown Mode is Apple’s response to zero-day attacks seeking to deploy high-end surveillance tools, but the company has also rolled out protections for a far simpler form of snooping, in the form of Safety Check.

Devised in collaboration with the National Network to End Domestic Violence, the National Center for Victims of Crime, and Australian Women’s Services Network, the capability can help iOS users who are in abusive relationships keep their lives private.

Essentially, Safety Check shows users who has access to their messages, location, apps, and more, and provides them with an emergency button to reset permissions for all apps, sign out from all devices, and sever unwanted access to private information.

iOS 16 also arrives with Passkey, which improves users’ online protection in Safari by replacing passwords with passkeys that rely on biometric verification and can be synced across all types of Apple devices.

Apple announced support for passwordless sign-ins earlier this year, when, together with Google and Microsoft, it pledged to adopt FIDO’s passkey, a credential that is stored on the phone and will be needed to sign in to websites that have adopted passkeys.

To keep users protected from cyberattacks that exploit zero-days or newly identified vulnerabilities, Apple has introduced rapid security response, which ensures that patches are delivered to users as soon as Apple releases them, without having to install a full software update.

With rapid security response, Apple can deliver emergency fixes whenever needed, without requiring user interaction.

iOS 16 also prevents applications from viewing the device’s clipboard, which should improve both privacy and security by preventing unauthorized access to sensitive information such as passwords.

The new platform release also includes patches for a dozen vulnerabilities, including a kernel flaw (CVE-2022-32917) already exploited in attacks targeting macOS Big Sur users.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
