Security Strategy, Plan, Budget

Apple touts M1 features in updated security guide, days after malicious code discovery

Apple released substantial updates Thursday to its Platform Security Guide – the first revision since April, and the first in the era of Apple's self-designed M1 chips.

The guide is traditionally a critical resource to anyone researching or wrangling security on Apple products, with the most thorough official explanation of product security capabilities. It provides the blueprints on how the claims the company has made about its security actually work.

The guide "provides definitive and concise guidance on how to harden the Apple systems," said Patrick Wardle, a prominent Mac security researcher, designer, and author, via electronic chat. "This is important as the majority of macOS attacks can be thwarted, or at least mitigated in some regard, if such best practices are followed."

Release of the new guide comes amid two discoveries of malware strains developed to target the M1 chip. The first, noted Feb. 14 by Wardle, is a Safari adware extension that was originally written to run on Intel x86 chips. The second, noted Thursday by Red Canary, has not released any malicious payloads yet, but infected 29,139 macOS endpoints across 153 countries as of February 17. While legacy programs (including malware) still run on M1 silicon, natively designed code is more efficient.

The malicious code does not take advantage of security flaws in the M1 chip, just new chip-specific instructions that run faster than legacy code would.

The new Platform Security Guide adds 40 pages – around a fifth of its total length – to last year's edition. New sections include descriptions of the new M1 boot process, as well as changes to kernel, local policy, and other security for computers using the M1. Other new content includes updates to its descriptions of the secure enclave, secure business chat, password recommendations, and other topics.

In a briefing with reporters on the new guide, Apple emphasized the importance of new sections on the native features of the M1 chips. The company believes the chips add some security features previously only possible on phones, including CPU-based system integrity checks, and secure hardware password and biometric storage that was not possible with the previous Intel processors.

At the briefing, Apple positioned the Platform Security Guide as what the community might regard as an auditable answer for anyone asking why they should trust the company does what it claims to do in the name of security.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.