Date: 2022-07-06



Apple is taking steps to increase the security of journalists, activists, politicians, and others with a new setting called Lockdown Mode for iOS 16, iPadOS 16, and macOS Ventura. The setting hardens the defenses of your iPhone, iPad, or Mac and disrupts the methods used to compromise your device in targeted attacks.

Lockdown Mode blocks many message attachment types, disables link previews, turns off certain web browsing technologies by default, and blocks invitations and FaceTime calls from unknown sources. It also locks down wired connections to a computer or accessory while your device is locked, and while it is enabled you cannot install a new configuration profile or enroll in mobile device management (MDM).

We know these features can be vulnerable because Google’s Project Zero team has detailed how abusing iMessage with GIFs in the background can compromise the iPhones of people targeted by Pegasus software in zero-click scenarios. Other attacks have repeatedly targeted MDM solutions and used malicious websites to exploit rendering flaws, and Lockdown Mode closes those doors from the start.

iOS 16 Lockdown Mode screen. Image: Apple

Apple calls this an extreme, optional level of protection, clearly aimed at the increasing use of state-sponsored mercenary spyware such as the Pegasus tool developed by NSO Group. Evidence of the software was found on the devices of journalists like Jamal Khashoggi. According to Bloomberg reporter Mark Gurman, Apple has just released iOS 16 Developer Beta 3, which includes Lockdown Mode.

In past years, before it launched the iOS bug bounty program in 2016, Apple was criticized for not working with security researchers to find and close platform flaws the way other major tech companies did. Eventually, in 2019, the program was extended to cover other devices, and Apple said it would distribute a special security research device to outside researchers.

According to Ivan Krstić, Head of Security Engineering and Architecture at Apple, the majority of users will never be the victims of targeted cyberattacks, but Apple is working tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users and supporting researchers and organizations around the world who are doing very important work in exposing the mercenary companies that create these digital attacks.

While introducing the new operating systems at WWDC 2022 in June, Apple said the new Rapid Security Response feature will allow patches for security flaws to be deployed and enabled faster on Macs without the need for a reboot. iOS 16 and macOS Ventura are also set to include support for new passkey technology that helps eliminate the use of passwords.

Other tech companies have done something similar in certain ways, such as Google's Advanced Protection Program for accounts and Super Duper Secure Mode, which Microsoft began testing in Edge last fall. Some small businesses have also tried to offer hardened devices running Android that promise protection against various vulnerabilities, but when it is released in a new software update later this year, Lockdown Mode will be a new level of security available to millions of people.

Even with these protections, finding vulnerabilities in operating systems that control so many devices is a valuable endeavor, and Apple says it is doubling its bounty for qualifying findings in Lockdown Mode to 2 million dollars. This is the highest bounty payment in the industry. Apple also said that damages awarded from the lawsuit it filed against NSO Group last fall will be added to a $10 million grant to help organizations investigate, expose, and prevent targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware.

