Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional
Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.
The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.
The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.
Popular Stories
Apple will introduce new iPad Pro and iPad Air models in early May, according to Bloomberg's Mark Gurman. Gurman previously suggested the new iPads would come out in March, and then April, but the timeline has been pushed back once again. Subscribe to the MacRumors YouTube channel for more videos. Apple is working on updates to both the iPad Pro and iPad Air models. The iPad Pro models will...
In November, Apple announced that the iPhone would support the cross-platform messaging standard RCS (Rich Communication Services) in the Messages app starting "later" in 2024, and Google has now revealed a more narrow timeframe. In a since-deleted section of the revamped Google Messages web page, spotted by 9to5Google, Google said that Apple would be adopting RCS on the iPhone in the "fall...
Thieves in Montreal, Canada have been using Apple's AirTags to facilitate vehicle theft, according to a report from Vermont news sites WCAX and NBC5 (via 9to5Mac). Police officers in Burlington, Vermont have issued a warning about AirTags for drivers who recently visited Canada. Two Burlington residents found Apple AirTags in their vehicles after returning from trips to Montreal, and these...
Apple's WWDC 2024 dates have been announced, giving us timing for the unveiling of the company's next round of major operating system updates and likely some other announcements. This week also saw some disappointing news on the iPad front, with update timing for the iPad Pro and iPad Air pushed back from previous rumors. We did hear some new tidbits about what might be coming in iOS 18 and...
Photos of the first iPhone 16 cases have been shared online, offering another preview of the rumored new vertical rear camera arrangement on the standard iPhone 16 and iPhone 16 Plus. Image credit: Accessory leaker Sonny Dickson Over the last few months, Apple has been experimenting with different camera bump designs for the standard iPhone 16 models, all of which have featured a vertical ...
A $3 third-party app can now record spatial video on iPhone 15 Pro models in a higher resolution than Apple's very own Camera app. Thanks to an update first spotted by UploadVR, Spatialify can now record spatial videos with HDR in 1080p at 60fps or in 4K at 30fps. In comparison, Apple's native Camera app is limited to recording spatial video in 1080p at 30fps. Shortly after Apple's Vision ...
Top Rated Comments
By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.
So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.
Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.
And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
You are calling it innovation, and then snickering at the "Apple marketing" in your mind for calling it innovation.
Well done.
Apple PR's statement that "[t]he kernel cache doesn't contain any user info" is ridiculously obvious to anyone with technical knowledge in this area. That statement is clearly only intended to placate the non-technical masses who might hear "Apple" and "unencrypted" in the same sentence and get worried about the privacy battle.
Secondly, what sort of performance improvement can this possibly make? Even assuming the kernelcache has to be decrypted once per boot, that must take what, a couple hundred milliseconds for the hardware-accelerated AES engine to do its thing?
I am really baffled by Apple's response. If it was indeed intentional, it must have been for reasons other than what they are saying.