Apple updates its Platform Security Guide

Apple’s head of security engineering and architecture, Ivan Krstić, this week announced the publication of what should be essential reading for Apple admins and security pros — the newly updated Apple Platform Security guide. (Among other things, Krstić also leads Apple’s war against surveillance hackers.)

The latest update since 2022, the guide is currently being translated into local language versions, so it might not be available on your local Apple server. You can get it in American English directly from the US site, and you’ll know when you find it because the May 2024 publication date will be visible at the bottom of the front page. 

What is the Platform Security Guide?

“This documentation provides details about how security technology and features are implemented within Apple platforms. It also helps organizations combine Apple platform security technology and features with their own policies and procedures to meet their specific security needs,” Apple says in the introduction to the 210-page document. (It’s interesting to note that in 2019 the guide extended to 157-pages.)

Open it up and you’ll find updated information, along with the addition of new sections addressing several topics, including App Store, WidgetKit, and Lockdown Mode security. The latter doesn’t explain much we didn’t know already, but puts the protection into context and links to the most recently updated information concerning that mode. The document has also been brought up to speed with additional information concerning start-up security on the latest Apple Silicon devices and harmonizes links to the company’s security reporting pages.

I expect in the future it might further extend to sharing information pertaining to server chips from the company, if that plan turns out to be true.

What’s new in the Platform Security guide?

Some particular highlights include a better explanation of the company’s built-in malware protection system, XProtect, and a little added insight into how App Store security works. 

How XProtect works is to some extent a bit of a black box, but the latest iteration of the report does shed a little light on what’s happening:

“Should malware make its way onto a Mac, XProtect also includes technology to remediate infections. For example, it includes an engine that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates). This system removes malware upon receiving updated information, and it continues to periodically check for infections; however, XProtect doesn’t automatically restart the Mac. In addition, XProtect contains an advanced engine to detect unknown malware based on behavioral analysis. Information about malware detected by this engine, including what software was ultimately responsible for downloading it, is used to improve XProtect signatures and macOS security.”

As for App Store security, EU readers will note that this section hasn’t yet been updated to include what security Apple provides around purchases made from third party stores. That’s likely to make interesting reading once it does appear. But the document does explain the five different security processes that govern apps sold through the company’s own App Store. These include automated malware scans, human review, manual checks, user reviews, and processes for correction and removal of bad/scam apps.

Under the EU sideloading scheme, Apple will only be able to ensure malware scans and respond to user feedback; third-party app providers will deliver (and presumably in some cases, fail to deliver) the other security processes.

Who is the guide for?

This really is essential reading for anyone who wants to better understand Apple security. That means Apple admins as well as developers, security researchers, customers — anyone who really wants to get to grips with the information it offers.

Those already familiar with the document shouldn’t expect much; while there are some new sections (and dozens of sections have been updated), many of those changes are relatively small. (Some of the information about recently introduced security tools for Messages may be of interest, however.)

Given the scale and complexity of the Apple platform ecosystem, it seems likely some small tidbits of new information will be found. 

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.