Apple Publishes New Apple Platform Security Guide

Coinciding with the launch of its public bug bounty program, Apple today published its new Apple Platform Security guide, offering users details about the security technology and features that are implemented within Apple platforms – including sections on Mac for the first time.

The documentation has been updated to reflect changes in iOS 13.3, iPadOS 13.3, macOS 10.15.2, tvOS 13.3, and watchOS 6.1.1. The Apple Platform Security site also covers hardware and services, providing comprehensive information in a readable format on the following topics:

• Hardware Security and Biometrics: The hardware that forms the foundation for security on Apple devices, including the Secure Enclave, a dedicated AES crypto engine, Touch ID, and Face ID.
• System Security: The integrated hardware and software functions that provide for the safe boot, update, and ongoing operation of Apple operating systems.
• Encryption and Data Protection: The architecture and design that protects user data if the device is lost or stolen, or if an unauthorized person attempts to use or modify it.
• App Security: The software and services that provide a safe app ecosystem and enable apps to run securely and without compromising platform integrity.
• Services Security: Apple’s services for identification, password management, payments, communications, and finding lost devices.
• Network Security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
• Developer Kits: Frameworks for secure and private management of home and health, as well as extension of Apple device and service capabilities to third-party apps.
• Secure Device Management: Methods that allow management of Apple devices, prevent unauthorized use, and enable remote wipe if a device is lost or stolen.
• Security Certifications and Programs: Information on ISO certifications, Cryptographic validation, Common Criteria Certification, and the Commercial Solutions for Classified (CSfC) Program.

The site can be browsed from the Table of Contents at the top of the page, or a PDF of the documentation can be downloaded here.

Alongside its Platform Security site, Apple maintains a separate site covering the company's approach to privacy, privacy controls on Apple devices, and the Apple privacy policy.

If users believe they have discovered a security or privacy vulnerability that affects Apple devices, software, services, or web servers, Apple encourages them to report it by sending an email to product-security@apple.com along with any relevant videos, crash logs, and system diagnosis reports. More information on reporting a security or privacy vulnerability can be found here.