Apple on Wednesday announced it plans to introduce an enhanced
security setting called Lockdown Mode in iOS 16,
iPadOS 16, and macOS Ventura to safeguard high-risk users against
“highly targeted cyberattacks.”
The “extreme, optional protection” feature, now available for
preview in beta versions of its upcoming software, is designed to
counter a surge in threats posed by private companies developing
state-sponsored surveillanceware such as Pegasus[1], DevilsTongue[2], Predator[3], and Hermit[4].
Lockdown Mode, when enabled, “hardens device defenses and
strictly limits certain functionalities, sharply reducing the
attack surface that potentially could be exploited by highly
targeted mercenary spyware,” Apple said[5]
in a statement.
This includes blocking most message attachment types other than
images and disabling link previews in Messages; rendering
inoperative just-in-time (JIT[6]) JavaScript compilation;
removing support for shared albums in Photos; and preventing
incoming FaceTime calls from unknown numbers.
Other restrictions cut off wired connections with a computer or
accessory when an iPhone is locked and, most importantly, prohibit
configuration profiles[7]
— a feature that’s been abused to sideload apps[8]
bypassing the App Store — from being installed.
The tech giant also noted that it plans to incorporate
additional countermeasures to Lockdown Mode over time, while
simultaneously inviting feedback from the security research
community to identify “qualifying findings” that will be eligible
for up to $2 million in bug bounties.
It’s worth noting that the feature will not be switched on by
default, but can be accessed by heading to Settings > Privacy &
Security > Lockdown Mode.
The announcement arrives a month after Apple debuted a new
Rapid Security Response[9]
feature in iOS 16 and macOS Ventura that aims to deploy security
fixes without the need for a full operating system version
update.
Google and Meta offer analogous software features[10] known as Advanced
Account Protection and Facebook Protect that are meant to secure
the accounts of individuals who are at an “elevated risk of
targeted online attacks” from takeover attempts. But it won’t be
surprising if Google follows suit with a similar feature on
Android.
References
- ^
Pegasus
(thehackernews.com) - ^
DevilsTongue
(thehackernews.com) - ^
Predator
(thehackernews.com) - ^
Hermit
(thehackernews.com) - ^
said
(www.apple.com) - ^
JIT
(hacks.mozilla.org) - ^
configuration profiles
(support.apple.com) - ^
abused
to sideload apps (thehackernews.com) - ^
Rapid
Security Response (thehackernews.com) - ^
analogous software features
(thehackernews.com)
Read more https://thehackernews.com/2022/07/apples-new-lockdown-mode-protects.html