MacDirectory Magazine

Lightstorm Entertainment

MacDirectory magazine is the premier creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.

Issue link: https://digital.macdirectory.com/i/1277879

Page 125 of 147

But is it safer?

If Apple is correct, ARM Macs will deliver enhanced performance and efficiency. But will they be any more secure than the current Intel Macs? Again, Apple says yes. In the developer sessions at WWDC, Apple characterized the change to ARM Macs as bringing many of the security protections of the iPhone over to the Mac (while still allowing the Mac to remain a Mac). There are three key features that they say will make the new Macs safer than ever before.

The first of these is Kernel Integrity Protection (KIP). This is a security feature that is currently found on the iPhone and iPad. If you’ve listened to The Checklist for a while, you’ll recall that the “kernel” of an operating system just refers to its core code: It’s the heart of the OS, and provides basic functionality to apps as well as handling things like memory and task management. For this reason, it’s extremely important — and anything that could affect the kernel code is considered to be significant from a security standpoint. This is also why, when we review Apple security updates, we’ll often highlight kernel vulnerability patches as particularly important.

KIP is a protection built into the hardware that makes the kernel code immutable once the kernel has been initialized, and prevents any additional kernel code from being loaded. This is important in terms of security, because certain types of attack rely on injecting malicious code into a running kernel. KIP should help to prevent such attacks.

The second major security feature that Apple Silicon Macs will bring is called “write xor execute”, or W^X. Write xor execute is a memory protection that mandates that chunks of memory can be writable, or they can be executable, but not both at the same time (as an aside, that’s all that “xor” means in computing: It’s the “exclusive or” which basically says “A or B, but not A and B together”).

This is important, because it’s considered dangerous to allow memory to be writable and executable at the same time, since some attacks are carried out by writing malicious code into a memory area intended for data — and then executing it.

Unfortunately, many apps contain tools called just-in-time compilers or “JIT compilers”, which need memory to be both writable and executable (great for the JIT compiler, not so great for security). However, JIT compilers can’t just be dispensed with altogether, because they allow for the fast, dynamic translation of certain human-readable types of code into a format that can be executed by the computer. For this reason, Apple has created a new API that will allow memory areas to be toggled quickly back and forth between being writable and executable. This will allow JIT compilers to function, but will also eliminate the vulnerability caused by allowing memory to be both writable and executable at the same time.

The third and final security enhancement
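An added example (not from the article, and not Apple's API): the writable/executable toggle described above for JIT compilers, sketched with the portable POSIX `mmap`/`mprotect` calls as they behave on Linux. The helper names `wx_set`, `wx_emit_and_run` and `wx_jit_demo` and the two tiny machine-code stubs are constructed for illustration and cover x86-64 and AArch64 only.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Constructed sample stubs: machine code for "return 42" and "return 7". */
#if defined(__x86_64__)
static const uint8_t RET42[] = {0xB8, 42, 0, 0, 0, 0xC3};   /* mov eax,42; ret */
static const uint8_t RET7[]  = {0xB8, 7, 0, 0, 0, 0xC3};    /* mov eax,7; ret */
#elif defined(__aarch64__)
static const uint8_t RET42[] = {0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6};
static const uint8_t RET7[]  = {0xE0, 0x00, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6};
#else
#error "sample stubs are provided for x86-64 and AArch64 only"
#endif

/* Hypothetical helper: the page is writable OR executable, never both. */
static int wx_set(void *p, size_t len, int executable) {
    return mprotect(p, len, PROT_READ | (executable ? PROT_EXEC : PROT_WRITE));
}

/* One JIT cycle: make writable, emit code, make executable, then call it. */
static int wx_emit_and_run(uint8_t *page, size_t len, const uint8_t *code, size_t n) {
    if (wx_set(page, len, 0) != 0) return -1;
    memcpy(page, code, n);
    if (wx_set(page, len, 1) != 0) return -1;
    __builtin___clear_cache((char *)page, (char *)page + n); /* sync I-cache */
    return ((int (*)(void))(uintptr_t)page)();
}

/* Runs two cycles on one page; returns 0 and fills both results on success. */
int wx_jit_demo(int *first, int *second) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    *first  = wx_emit_and_run(page, len, RET42, sizeof RET42);
    *second = wx_emit_and_run(page, len, RET7, sizeof RET7);  /* re-emit after flip */
    munmap(page, len);
    return (*first < 0 || *second < 0) ? -1 : 0;
}

int main(void) {
    int a = 0, b = 0, rc = wx_jit_demo(&a, &b);
    printf("rc=%d first=%d second=%d\n", rc, a, b);
    return rc != 0;
}
```

At no point does the page carry `PROT_WRITE` and `PROT_EXEC` together, so code written into it cannot run until the region has been flipped, and running code cannot be modified in place.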
