Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional
Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.
The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.
The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.
Popular Stories
An unnamed 27-year-old man who purchased 300 iPhones from Apple Fifth Avenue on Monday morning was robbed shortly after leaving the store, according to 1010Wins Radio in New York.
He was carrying 300 iPhone 13s in three bags and walking to his car at 1:45 a.m. when another car pulled up next to him. Two men jumped out and demanded that he hand over the bags. Not wanting to hand over 300...
Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple's global App Store editorial team.
The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver "exceptional experiences." Apple CEO Tim Cook said:
This year's App Store Award winners reimagined...
The Black Friday and Cyber Monday holiday shopping rush is drawing to a close, but there are still some good deals to be had out there. For Apple products, many of the deals you've seen since last week are still available, though some have expired. So for anyone who missed out on Black Friday deals, there's still an opportunity to get some of the year's best prices on many Apple devices.
Note: ...
Apple's upcoming iPhone 15 models will be equipped with Sony's newest "state of the art" image sensors, according to a report from Nikkei.
Compared to standard sensors, Sony's image sensor doubles the saturation signal in each pixel, allowing it to capture more light to cut down on underexposure and overexposure. Nikkei says that it is able to better photograph a person's face even with...
Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue.
According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video...
Apple today released a Rapid Security Response update that is available for those running the iOS 16.2 beta, marking the launch of the second RSR update since the feature was released in iOS 16.
The Rapid Security Response Update is designed to provide iOS 16.2 beta users with bug fixes without the need to install a full update. The initial RSR release for iOS 16.2 beta users was a test with ...
Apple today announced that the Oceanic+ app is available for the Apple Watch Ultra starting today. Designed by Huish Outdoors in collaboration with Apple, the app serves as a dive computer for recreational scuba diving at depths up to 40 meters/130 feet.
Apple already offers a basic Depth app on the Apple Watch Ultra for viewing your current depth, maximum depth reached, water temperature,...
Wednesday November 30, 2022 2:39 am PST by
Sami FathiGeekbench scores allegedly for the upcoming "M2 Max" chip have surfaced online, offering a closer look at the performance levels and specific details of the forthcoming Apple silicon processor.
The Geekbench results, first spotted on Twitter, are for a Mac configuration of with the M2 Max chip, a 12-core CPU, and 96GB of memory. The Mac listed has an identifier "Mac14,6," which could be...
Elon Musk has pledged to offer an "alternative phone" if Apple and Google remove Twitter from their app stores, adding to long-standing rumors about an iPhone rival from Tesla.
Modified iPhone 11 Pro in the style of the Tesla Cybertruck, by Caviar. Musk's remark came after being asked about the potential scenario of Twitter being removed from app stores, which could conceivably happen if the...
Wednesday November 30, 2022 10:09 am PST by
Juli CloverApple today released iOS 16.1.2, another minor bug fix update that comes one week after the release of iOS 16.1.1 and three weeks after the launch of iOS 16.1, an update that added support for iCloud Shared Photo Library, Matter, Live Activities, and more.
The iOS 16.1.2 update can be downloaded on eligible iPhones over-the-air by going to Settings > General > Software Update.
According...
Top Rated Comments
By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.
So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.
Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.
And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
You are calling it innovation, and then snickering at the "Apple marketing" in your mind for calling it innovation.
Well done.
Apple PR's statement that "[t]he kernel cache doesn't contain any user info" is ridiculously obvious to anyone with technical knowledge in this area. That statement is clearly only intended to placate the non-technical masses who might hear "Apple" and "unencrypted" in the same sentence and get worried about the privacy battle.
Secondly, what sort of performance improvement can this possibly make? Even assuming the kernelcache has to be decrypted once per boot, that must take what, a couple hundred milliseconds for the hardware-accelerated AES engine to do its thing?
I am really baffled by Apple's response. If it was indeed intentional, it must have been for reasons other than what they are saying.