Apple's New "Lockdown Mode" Protects iPhone, iPad, And Mac Against Spyware
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks."
The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as Pegasus, DevilsTongue, Predator, and Hermit.
Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a statement.
This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time (JIT) JavaScript compilation; removing support for shared albums in Photos; and preventing incoming FaceTime calls from unknown numbers.
Other restrictions cut off wired connections with a computer or accessory when an iPhone is locked and, most importantly, prohibit configuration profiles — a feature that's been abused to sideload apps bypassing the App Store — from being installed.
The tech giant also noted that it plans to incorporate additional countermeasures to Lockdown Mode over time, while simultaneously inviting feedback from the security research community to identify "qualifying findings" that will be eligible for up to $2 million in bug bounties.
It's worth noting that the feature will not be switched on by default, but can be accessed by heading to Settings > Privacy & Security > Lockdown Mode.
The announcement arrives a month after Apple debuted a new Rapid Security Response feature in iOS 16 and macOS Ventura that aims to deploy security fixes without the need for a full operating system version update.
Google and Meta offer analogous software features known as Advanced Account Protection and Facebook Protect that are meant to secure the accounts of individuals who are at an "elevated risk of targeted online attacks" from takeover attempts. But it won't be surprising if Google follows suit with a similar feature on Android.
Source: thehackernews.com