Apple Inc (NASDAQ: AAPL) is taking measures to enhance security for users such as activists, politicians, and journalists with a new setting on macOS, iPadOS Ventura, and iOS 16 called Lockdown Mode. The setting harden hardens the defenses of iPad, iPhones, or Mac in ways interrupting methods that have been seen to be employed in compromising devices for targeted attacks.
Lockdown Mode restricts the message attachments one can receive
Lockdown Mode restricts the kinds of message attachments that can be sent, deactivates link previews, inhibits some web browsing features by default, blocks FaceTime invitations from unverified senders, locks down cabled connections to laptops or accessories whereas the gadget is locked, and prevents users from enrolling in mobile device management (MDM) or adding new configuration profiles.
These are the places where we are aware of potential weaknesses. For example, Google’s Project Zero team described how an iPhone of a person who had been attacked by the Pegasus program could be hacked in a “zero-click” situation by utilizing a GIF to secretly exploit iMessage. Lockdown Mode immediately closes the doors to other attacks that have frequently targeted MDM systems.
Pegasus found in Jamal Khashoggi’s computer
Apple describes it as an “extreme, optional” degree of security in direct reaction to the rising popularity of state-sponsored mercenary programs like the NSO Group’s Pegasus tool. Software evidence has been discovered on the computers of reporters like Jamal Khashoggi. Apple has published iOS 16 Developer Beta 3, which includes Lockdown Mode, as per Bloomberg reporter Mark Gurman.
Before introducing iOS bug bounty software in 2016, Apple has faced criticism for not collaborating with security experts to uncover and fix vulnerabilities in its systems as frequently as other major tech companies. In 2019, it finally broadened the initiative to include additional devices while announcing that it would give special security testing tools to outside experts.
Apple’sengineering and architecture security head Ivan Krstic said, “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are.”