The new feature dubbed “Lockdown Mode” is designed to offer an extreme, optional level of security for the very small number of users who face grave, targeted threats to their digital security because of who they are or what they do. This feature will be rolled out with the upcoming iOS 16, iPadOS 16, and macOS Ventura this fall. Once Lockdown Mode is enabled, it will provide the following protections:
Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled. Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode. Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request. Wired connections with a computer or accessory are blocked when iPhone is locked. Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
Apple says it will continue to strengthen Lockdown Mode and add new protections to it over a period of time. Further, the Cupertino giant has also added a new category within the Apple Security Bounty program to invite feedback and collaboration from the security research community. Researchers who are able to detect serious Lockdown Mode bypasses can earn up to $2,000,000 – the highest maximum bounty payout in the industry. “Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krsti?, Apple’s Head of Security Engineering and Architecture. “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.” Furthermore, Apple announced that it is also making a $10 million grant, in addition to any damages awarded from the lawsuit filed against NSO Group. This is to help support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. The grant will be made to the Dignity and Justice Fund established by the Ford Foundation. It expects to make its first grants in late 2022 or early 2023, which will initially go toward organizations that help expose mercenary spyware and protect potential targets.