Read the latest from Apple Security Research

  • February 21, 2024

    iMessage with PQ3: The new state of the art in quantum-secure messaging at scale

    We are introducing PQ3, a groundbreaking cryptographic protocol for iMessage that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 provides protocol protections that surpass those in all other widely deployed messaging apps.

  • October 27, 2023

    Advancing iMessage security: iMessage Contact Key Verification

    iMessage broke new ground in 2011 as the first widely available messaging service to provide secure end-to-end encryption by default. Ever since, we’ve been making ongoing improvements to iMessage security to protect our users’ most sensitive communications. This brief technical overview introduces the security model behind iMessage Contact Key Verification, a new feature available in the developer previews of iOS 17.2, macOS 14.2, and watchOS 10.2, that advances the state of the art of key directory security in messaging systems and allows users to verify they’re messaging only with the people they intend.

  • August 30, 2023

    2024 Apple Security Research Device Program now accepting applications

    Starting today, security researchers are invited to apply for the 2024 Security Research Device Program. Learn about eligibility requirements and how our Security Research Device helps both new and experienced researchers accelerate their work with iOS. We're accepting applications through October 31, 2023.

  • May 23, 2023

    What if we had the SockPuppet vulnerability in iOS 16?

    The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet were to meet kalloc_type in iOS 16.

  • October 27, 2022

    Apple Security Bounty. Upgraded.

    Apple’s Security Bounty program has paid nearly $20 million in rewards to security researchers in just two and a half years. Our new site makes it easier than ever for researchers to submit reports on the web, get real-time updates from Apple engineering, and earn recognition for helping to improve security for the users of over 1.8 billion devices worldwide.

  • October 27, 2022

    Towards the next generation of XNU memory safety: kalloc_type

    Improving software memory safety is a key security objective for engineering teams across the industry. Here we begin a journey into the XNU kernel at the core of iOS and explore the intricate work our engineering teams have done to harden the memory allocator and make our software much more difficult to exploit.
