The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
Apple's latest update for iOS incorporates ways to stop Safari snooping, data leaks, password reuse, and hacking.
In what has become one of the rituals of fall along with leaf peeping, tailgating, and apple picking, Apple recently introduced a new lineup of iThingies, complete with slick new iPhones and oversized Apple Watches. They all look really nice. But the most important release isn’t the (unironically named) iPhone XS or super-powerful MacBook Pro, it’s iOS 12.
The iPhone is the leader in the clubhouse as the most secure general-purpose computing device on the market. Apple’s control of both the hardware and software development process and ecosystem make the iPhone/iOS platform one of the harder targets there is for attackers at the moment. The company has been adding security features to both the hardware and software at a steady pace since the iPhone’s introduction, and iOS 12, which Apple released this week, brings several important new protections with it.
The features that will probably make the biggest immediate difference to most users are the addition of automatic strong passwords in Safari and security code AutoFill. Creating and remembering strong passwords is a pain so people often just fall back on something that’s easy to remember, which also means it’s probably easy for an attacker to guess. In iOS 12, Apple has added the capability for Safari to suggest strong, complex passwords automatically, something that has been available on the desktop version of the browser for a while. The second authentication change is a feature that will automatically fill in one-time passcodes sent via SMS. While SMS-based two-step verification isn’t the strongest option, it’s significantly better than a password alone, and Apple is making it much easier for people to use it by removing the need to copy and paste or remember those codes to enter them in apps.
Another major upgrade to the security of iOS is the inclusion of automatic software updates. Most desktop platforms have had automatic updates as an option for many years, but it’s taken a while for that feature to reach mobile devices. Until now, iPhone users needed to go into the App Store app and manually click on the Update option for each installed app. The same was true for iOS itself. In iOS 12, users have the option of setting iOS and all of the installed apps to update automatically, ensuring that the latest version is always installed. Even the minor releases of iOS come with security and bug fixes and are important for users to install, but many people aren’t even aware when new versions come out. Having automatic updates enabled takes the human part of that out of the equation.
There’s also a feature that’s less obvious but can be an important defense against some attacks. Apple has added a function called USB Restricted Mode that prevents any USB accessory from interacting with an iPhone if the device has been locked for more than an hour. The feature is buried in the Settings under the Touch ID & Passcode option and it can protect iPhones against attacks that use exploits delivered over the USB Lightning port.
On the privacy side of things, iOS 12 includes functionality in Safari that prevents third-party trackers on sites from following a user’s movements across the web without the user’s permission. It’s an important change, given how pervasive third-party tracking has become.
“Safari now prevents Share buttons and comment widgets on web pages from tracking you without your permission. Safari also prevents advertisers from collecting your device’s unique characteristics, so they can’t identify your device or retarget ads to you across the web,” Apple’s notes for iOS 12 say.
The iOS 12 update is available now. Get it.