Anyone can utilize Lockdown Mode, but it's intended for those who might be the target of state-sponsored spyware
With a new setting dubbed Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura, Apple is making efforts to improve security for individuals including journalists, activists, and politicians. With this setting, an iPhone, iPad, or Mac's defenses are strengthened in a way that thwarts techniques that have been employed to compromise devices for very specific attacks.
Lockdown Mode restricts the types of message attachments that can be sent, disables link previews, disables some web browsing features by default, blocks FaceTime invitations from unknown sources, locks down wired connections to computers or accessories while the device is locked, and prevents users from enrolling in mobile device management or adding new configuration profiles (MDM).
These are the places where we are aware of potential weaknesses. For example, Google's Project Zero team described how an iPhone of a person who had been targeted by the Pegasus program could be compromised in a "zero-click" situation by utilizing a GIF to secretly exploit iMessage. Lockdown Mode immediately closes the doors to other attacks that have frequently targeted MDM solutions or used malicious websites to exploit rendering issues.
Apple describes it as a "extreme, optional" degree of security in direct response to the rising popularity of state-sponsored mercenary software like the NSO Group's Pegasus tool. Software evidence has been discovered on the computers of journalists like Jamal Khashoggi. Apple has published iOS 16 Developer Beta 3, which includes Lockdown Mode, according to Bloomberg reporter Mark Gurman.
Before introducing an iOS bug bounty program in 2016, Apple has faced criticism for not collaborating with security researchers to uncover and fix vulnerabilities in its platforms as frequently as other major tech companies. In 2019, it finally broadened the initiative to include additional devices while announcing that it will give special security research devices to outside researchers.
"While the vast majority of customers will never be the victims of highly targeted assaults, we will work relentlessly to defend the small number of users who are," said Ivan Krsti, Apple's head of security engineering and architecture. This entails continuing to devise safeguards tailored for these users and supporting academics and organizations working tirelessly to expose mercenary firms behind these cyberattacks.
Apple stated that its new Rapid Security Response feature will allow security patches to flow out more quickly and take effect on a Mac without requiring a reboot when announcing the new operating systems at WWDC 2022 in June. Support for the new passkey technology that aims to do away with passwords will also be included to iOS 16 and macOS Ventura.
