Apple is releasing iOS 16 today with new features to boost iPhone users’ security and privacy, including Lockdown Mode and Safety Check.
The company announced its launch last week during a special event where it unveiled the iPhone 14, its new line of iPhone devices.
As Apple said in July when it first unveiled it, the Lockdown Mode security feature is not meant for everyday usage but, instead, designed to defend high-risk individuals (e.g., human rights defenders, journalists, and dissidents) from targeted attacks with mercenary spyware.
“Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware,” Apple said.
Once toggled on, Lockdown Mode provides additional messaging, web browsing, and connectivity protection that blocks commercial spyware (like NSO Group’s Pegasus) used by government-backed attackers to monitor compromised Apple devices.
More often than not, such attacks use zero-click exploits targeting web browsers or messaging apps such as FaceTime and WhatsApp.
However, with Lockdown Mode enabled, they will be blocked automatically, since vulnerable features that are exploited to install spyware, such as link previews, will be disabled.
Among the other features that will be disabled to defend against spyware attacks, Apple also lists message attachment types other than images, complex web technologies such as just-in-time (JIT) JavaScript compilation, unsolicited incoming invitations or service requests, configuration profile installation, and enrollment in mobile device management (MDM).
“Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture, on Wednesday.
According to Apple’s description, the new Safety Check privacy tool is an entirely different beast, as it focuses on a completely different issue, namely defending those in its user base whose personal safety is in immediate danger from domestic or intimate partner violence.
It works by immediately removing all access previously granted to apps and other people, changing who can access sensitive information like location data, and helping those likely targeted to review their account security quickly.
“It includes an emergency reset that helps users easily sign out of iCloud on all their other devices, reset privacy permissions, and limit messaging to just the device in their hand,” Apple explained.
“It also helps users understand and manage which people and apps they’ve given access to.”
These new security and privacy-focused iOS features align with Apple’s ongoing efforts to defend their customers from spyware attacks and boost the operating system’s privacy protection capabilities.
For instance, Apple sued Pegasus spyware-maker NSO Group in November 2021 for targeting and spying on Apple users with commercial surveillance tech in state-sponsored attacks.
The company has also announced new Apple Security Bounty categories to provide security researchers with monetary rewards for finding and helping close down security bugs that could be used to work around Lockdown Mode defenses.
“To invite feedback and collaboration from the security research community, Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections,” Apple said in July.
“Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 — the highest maximum bounty payout in the industry.”
Source: www.bleepingcomputer.com