Apple Releases iOS Security Guide as PDF Download




Concerned about your security while using Apple’s iOS devices? The folks in Cupertino don’t want you to spend restless nights without sleep, so they’ve released a new security guide as a PDF download.

ThreatPost is reporting that Apple has released a new 20-page PDF document entitled “iOS Security” (PDF link), which can be downloaded from the company’s website. Dated May, 2012, the document aims to help organizations and individuals “understand how the built-in security features work together to provide a secure mobile computing platform.”

“The iOS Security guide, released within the last week, represents Apple's first real public documentation of the security architecture and feature set in iOS, the operating system that runs on iPhones, iPads and iPod Touch devices,” explains ThreatPost, the Kaspersky Lab Security News Service. “Security researchers have been doing their best to reverse engineer the operating system for several years and much of what's in the new Apple guide has been discussed in presentations and talks by researchers.”

Among the topics discussed in the iOS Security guide is the implementation of ASLR (Address Space Layout Randomization), which is designed to make it harder for attackers to exploit memory corruption bugs.

“Researchers discovered the addition of ASLR to iOS, but Apple never really talked about it,” the report notes. Code-signing is also given a considerable amount of detail in the iOS Security guide.

Accuvant research consultant Charlie Miller claims the guide doesn’t reveal a lot of new information, but the mere fact that Apple is publishing it warrants praise.

“Apple doesn't really talk about their security mechanisms in detail,” Miller, the co-author of the iOS Hacker’s Handbook, explains. “When they introduced ASLR, they didn't tell anybody. They didn't ever explain how code-signing worked. There isn't anything really new in that doc, which means that the research community 'worked', that is without anybody telling us, we figured out how the thing worked and why it was good (or not so much).”

Follow this article’s author, J.R. Bookwalter on Twitter

 


