Night mode is an automatic setting which takes advantage of the new wide-angle camera that's in the iPhone 11 and 11 Pro models. It's equipped with a larger sensor that is able to let in more light, allowing for brighter photos when the light is low.
macOS Catalina Now Available
Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional
Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.
The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.
The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.
Tag: Jonathan Zdziarski
[ 135 comments ]
Top Rated Comments
(View all)
43 months ago
I'd just like to point something out. Apple does not offer a bug bounty program. That is to say there is no bounty to be awarded if you report a bug to them no matter how serious it is.
By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.
So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.
Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.
And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.
So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.
Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.
And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
43 months ago
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.
Yeah, didn't work too well for Android, though.
43 months ago
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.
Umm, unencrypted binary != open source...
43 months ago
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.
Yeah, didn't work too well for Android, though.
43 months ago
In Apple marketing terms, this is called innovation.
Apple marketing is not calling this anything.You are calling it innovation, and then snickering at the "Apple marketing" in your mind for calling it innovation.
Well done.
43 months ago
So has anyone in the tech press asked them why only the 64-bit kernelcache was left unencrypted while the 32-bit kernelcache remains encrypted? What about the update and restore ramdisks, which also remain encrypted? The rest of the boot chain? Why not let us peek at those, too?
Apple PR's statement that "[t]he kernel cache doesn't contain any user info" is ridiculously obvious to anyone with technical knowledge in this area. That statement is clearly only intended to placate the non-technical masses who might hear "Apple" and "unencrypted" in the same sentence and get worried about the privacy battle.
Secondly, what sort of performance improvement can this possibly make? Even assuming the kernelcache has to be decrypted once per boot, that must take what, a couple hundred milliseconds for the hardware-accelerated AES engine to do its thing?
I am really baffled by Apple's response. If it was indeed intentional, it must have been for reasons other than what they are saying.
Apple PR's statement that "[t]he kernel cache doesn't contain any user info" is ridiculously obvious to anyone with technical knowledge in this area. That statement is clearly only intended to placate the non-technical masses who might hear "Apple" and "unencrypted" in the same sentence and get worried about the privacy battle.
Secondly, what sort of performance improvement can this possibly make? Even assuming the kernelcache has to be decrypted once per boot, that must take what, a couple hundred milliseconds for the hardware-accelerated AES engine to do its thing?
I am really baffled by Apple's response. If it was indeed intentional, it must have been for reasons other than what they are saying.
43 months ago
Is this a temporary thing for the beta, or will it be unencrypted permanently for here on out?
43 months ago
While i totally get your point.. it would suggest that Microsoft's bounty program is meaningless as well (because over $1Million is far more than one could hope to get from Microsoft). You would have to have a bounty program that paid far more. And if i was a betting man, i would bet that the government would have paid whatever was necessary.
It's rare that the NSA or FBI pay 1 Million dollars for a single exploit. It would need to be incredible. Most of the time they pay less than $100,000 but more than $25,000 for what is known as zero day exploits.
If however you developed the holy grail. An exploit that starts simply by someone visiting a web page and escalates to total system ownership without a user being able to notice anything and it beats antivirus heuristic detection you could be looking at a million dollars.
Apple could offer $100,000 to a Million dollars for these kinds of exploits they're practically printing money. But I would suggest instead they start small. Offer $5,000-$15,000 for the first 6 months then double it. This way they get the most amount of exploits reported for the lowest sums of cash. The harder to find stuff will appear once the money offered equals the work spent finding them. So I'm not suggesting they jump right into offering 100K or 1 Million, that wouldn't make good business sense.
[doublepost=1466684468][/doublepost]
wow. I think people have no idea what's going on here. (from my understanding at least).
The kernel is the core of the OS right? So its just OS code that has been produced by the compiler. I have no idea why it needs to be encrypted. What would that gain? It's just code.
As Apple have pointed out, it's nothing to do with any personal data etc..
As far as I know Apple's file system can decrypt data on the fly. So by removing the encryption on the kernel part that never needed to be encrypted anyway they are getting an easy boost in speed. Whats not to love here?
The only slight issue is that hackers will find it easier to read the kernel code. But so what? if your hacking at that level I dont think the encryption would have been a problem for you anyway. And besides, the kernel is small. Its been tested to death and is probably the least susceptible to any vulnerabilities.
Funny how people make stories out of non stories.
Usually there are bugs in the kernel which you cannot see because the encryption makes it difficult to do so. You cannot dump the kernel while the system is running due to ASLR and other in-memory protection techniques built into the operating system.
By having it decrypted you can copy the kernel from the phone and decompile it so you can examine it and search for potential buffer overflows and other exploitable bugs. There is still quite a lot to be learned from the kernel as they keep changing it and changes introduce bugs.
The whole reason they've decrypted it is so researchers can potentially find these bugs more easily. Encryption is security by obfuscation which means the kernel isn't really secure, its flaws are simply masked/hidden from attackers. The only attacks possible when it was encrypted were fuzzing attacks (supplying the many kernel functions with data trying to randomly find a bug as opposed to reading the kernels decompiled assembly to search for one)
Also keep in mind this isn't like decrypting a password, the data set is so large and the encryption cipher potentially 4096+ bit that it would take a billion years to unencrypt it even with the fastest supercomputer on the planet. Hackers who are "just that good" still can't do the impossible and I say that as someone that develops secure server software that deals in encrypted communications everyday.
43 months ago
I'd just like to point something out. Apple does not offer a bug bounty program. That is to say there is no bounty to be awarded if you report a bug to them no matter how serious it is.
By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.
...
Give apple a break. They are focusing on earth, environment, recycling, equal right and watch band. How could they find time for less important issue like product bugs or security.
[ Read All Comments ]
Riot Games has revealed that League of Legends: Wild Rift will launch on iOS in 2020. Riot says this is a new version of the original wildly popular MOBA title, which launched on PC 10 years ago, and...
Apple today announced that it has launched a new version of its Transporter app for developers on the Mac App Store. Transporter, which was previously available as a command-line tool, now lets...
Amazon today has discounted Apple's 2019 MacBook Air in two configurations, with each price representing the lowest price ever for these models. Both sales kicked off today, and it's unclear...
Nearly one year after Feral Interactive announced that "Shadow of the Tomb Raider" would be coming to macOS sometime in 2019, the company today provided a launch date for the game: November...
After launching Macintosh-themed accessories for the Apple Watch and iPhone, Elago this week followed suit with the AW3 AirPods Case.
Similar to the W3 Charging Stand for Apple Watch, the...
Update: As spotted by WCCFTech, Microsoft has now updated all of its Office apps – Word, Excel, PowerPoint, OneNote and Outlook – to support Dark Mode.
Microsoft OneNote received an update...
AMC has announced the launch of a new on-demand video streaming service that's designed to compete with Apple's iTunes Store and Amazon's Prime Video, allowing film fans to rent and buy...
Saturday Night Live alumnus Jason Sudeikis is bringing his "Ted Lasso" character to Apple's streaming service, reviving the role he debuted in 2013 for NBC Sports with its English Premier...
