Another autumn has come and gone, and that means Apple have released their annual software updates for iOS and macOS. We’ve been through them with our magnifying glasses, looking for changes related to security and enterprise management, and have developed our two new EUD Security Guides.
We’ve also updated the macOS provisioning script to account for some changes Apple made to the full disk encryption commands earlier this year.
These guides are aimed at helping enterprise administrators, system integrators and senior risk owners to understand the risks of using modern mobile platforms, and best practices for deploying them within an organisation.
iOS 12 Changes
There are actually very few changes in iOS 12 this year which have an impact on enterprise security or management. But of course, we recommend installing the update to fix the latest security issues in the platform, and to take advantage of the performance and other general improvements in the OS.
The main new security feature is USB Restricted Mode, which we've recommended you keep enabled.
The full guidance for iOS 12 is available to read now.
macOS 10.14 Changes
In contrast, there have been quite a few relevant new changes in macOS recently:
- The commands for configuring FileVault disk encryption changed earlier this year, meaning that our old provisioning script could no longer enable encryption. We’ve updated this now, and also included the changes in our guidance. Macs which already had full disk encryption previously configured do not need to be reconfigured with the new script.
- In the last year, Apple have started releasing Macs with the T2 security processor. This is a dedicated security component, not unlike a TPM on Windows laptops. It improves the physical security of the Mac, and we’ve included details of it where Apple have produced documentation. As more information about the T2 becomes available, we’ll update the risks in our guidance to ensure it reflects the latest available public information.
- macOS 10.14 now also has App notarisation. This means that developers can upload a copy of every app they release to Apple, who check the app package for malware. It’s currently opt-in, but will become mandatory in future. Whilst macOS doesn’t have a huge problem with malware today, it’s good to see innovative steps like this being used to make it harder for attackers to compromise the platform.
Apple have also published their own document detailing the enterprise-relevant changes in iOS 12 and macOS 10.14.
As with all our publications, we’re more than happy to receive feedback. If you have any comments, please pop them below, or use the Contact Us form to get in touch directly.
EUD Security Research Lead