Become a MacRumors Supporter for $25/year with no ads, private forums, and more!
  • Did you order new AirTags? We've opened a dedicated AirTags forum.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,420
14,129



Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.

ios10.jpg

"The kernel cache doesn't contain any user info, and by unencrypting it we're able to optimize the operating system's performance without compromising security," an Apple spokesperson told TechCrunch.
The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.

The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.

Article Link: Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional
 
Last edited:

kevinkyoo

macrumors 6502a
Feb 5, 2016
618
1,946
Any word on Apple doing this for OS X? There are still many issues present with the current iteration (ex. Computer freezing after watching videos on YouTube/iTunes) that I think would benefit greatly from this.
 
  • Like
Reactions: Avieshek
Comment

SSD-GUY

macrumors 65816
Sep 20, 2012
1,112
2,021
Interstellar
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.

Yeah, didn't work too well for Android, though.
 
Comment

Peepo

macrumors 65816
Jun 18, 2009
1,079
520
Will this allow others to reverse engineer or even copy it, patch it and make cheap iPhone knockoffs!!!
 
Comment

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,049



Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.

ios10.jpg

The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.

The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.

Article Link: Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional

Please please please stop referring to Johathan as an expert. Everyone that has ever worked in the security or forensics industry would never regard him as such. ****** media may only because he's willing to whore himself and say anything for media attention.
 
Comment

Markoth

macrumors 6502
Oct 1, 2015
490
1,396
Behind You
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.

Yeah, didn't work too well for Android, though.
The only thing developers can do now that they couldn't earlier is disassemble the kernel and look for vulnerabilities. I think it's safe to say that 99% of developers do not have the required skills. Not even close to open source, although the kernel should be somewhat similar to what's used in OS X... It should still be the XNU kernel, with modifications... The source for that is available.
 
Comment

gotluck

macrumors 603
Dec 8, 2011
5,673
1,074
East Central Florida
Very cool

Pretty serious policy change, makes me excited about what could be next..

I'm curious about the performance increase, I feel like the hindering of exploit hoarding would be more significant
 
  • Like
Reactions: attila
Comment

Quu

macrumors 68040
Apr 2, 2007
3,064
5,373
I'd just like to point something out. Apple does not offer a bug bounty program. That is to say there is no bounty to be awarded if you report a bug to them no matter how serious it is.

By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.

So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.

Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.

And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
 
Comment

busyscott

macrumors regular
Sep 29, 2015
184
1,595
California
This is Apple's version of handing someone a TV remote and then intentionally dropping it right before they grab it.

(The "TV remote" being a backdoor and the "someone" being the CIA)
 
Comment

thadoggfather

macrumors G5
Oct 1, 2007
13,114
11,151
It seems odd, how can this contribute to performance and security, opening up the flood gates?

Does encryption / performance and security have to be mutually exclusive ?
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.