“When Apple released a preview version of iOS 10 at its annual developers conference last week, the company slipped in a surprise for security researchers — it left the core of its operating system, the kernel, unencrypted,” Kate Conger reports for TechCrunch. “‘The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,’ an Apple spokesperson told TechCrunch.”
“Apple has kept the inner workings of the kernel obfuscated by encryption in previous versions of iOS, leaving developers and researchers in the dark,” Conger reports. “Although encryption is often thought to be synonymous with security, the lack of encryption in this case doesn’t mean that devices running iOS 10 are less secure. It just means that that researchers and developers can poke around in the kernel’s code for the first time, and any security flaws will come to light more quickly. If flaws are revealed, they can be quickly patched.”
Conger reports, “Opening up the kernel’s code for inspection could weaken the market for security flaws like the one the FBI is presumed to have used to get into the San Bernardino iPhone.”
Read more in the full article here.
MacDailyNews Take: As we wrote yesterday:
Apple to the government overreachers: Checkmate!
Apple exposes iOS kernel in what could be savvy strategy or major screwup – June 22, 2016