Read the latest from
- June 10, 2024
Private Cloud Compute: A new frontier for AI privacy in the cloud
Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.
Read more - February 21, 2024
iMessage with PQ3: The new state of the art in quantum-secure messaging at scale
We are introducing PQ3, a groundbreaking cryptographic protocol for iMessage that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 provides protocol protections that surpass those in all other widely deployed messaging apps.
Read more - October 27, 2023
Advancing iMessage security: iMessage Contact Key Verification
iMessage broke new ground in 2011 as the first widely available messaging service to provide secure end-to-end encryption by default. Ever since, we’ve been making ongoing improvements to iMessage security to protect our users’ most sensitive communications. This brief technical overview introduces the security model behind iMessage Contact Key Verification, a new feature available in the developer previews of iOS 17.2, macOS 14.2, and watchOS 10.2, that advances the state of the art of key directory security in messaging systems and allows users to verify they’re messaging only with the people they intend.
Read more - August 30, 2023
2024 Apple Security Research Device Program now accepting applications
Starting today, security researchers are invited to apply for the 2024 Security Research Device Program. Learn about eligibility requirements and how our Security Research Device helps both new and experienced researchers accelerate their work with iOS. We're accepting applications through October 31, 2023.
Read more - May 23, 2023
What if we had the SockPuppet vulnerability in iOS 16?
The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet were to meet kalloc_type in iOS 16.
Read more - October 27, 2022
Apple Security Bounty. Upgraded.
Apple’s Security Bounty program has paid nearly $20 million in rewards to security researchers in just two and a half years. Our new site makes it easier than ever for researchers to submit reports on the web, get real-time updates from Apple engineering, and earn recognition for helping to improve security for the users of over 1.8 billion devices worldwide.
Read more - October 27, 2022
Towards the next generation of XNU memory safety: kalloc_type
Improving software memory safety is a key security objective for engineering teams across the industry. Here we begin a journey into the XNU kernel at the core of iOS and explore the intricate work our engineering teams have done to harden the memory allocator and make our software much more difficult to exploit.
Read more