Apple announces new security measures for iMessage, Apple ID and iCloud

Apple announces new security features coming this and next year. These include iMessage public key notifications, Apple ID hardware security keys and end-to-end encryption for more iCloud data.

iMessage Contact Key Verification

iMessage will now notify when your contact's public key is changed (which could be a result of unwanted new device being added to the account). With this feature it will be easier to catch the moment when somebody is eavesdropping on the conversation.

This feature to become generally available in 2023 worldwide.

Security Keys for Apple ID

Apple will provide support for hardware security keys for Apple ID authentication. This might provide extra security measure for those who need better protection for their data.

This feature will be available in early 2023 worldwide.

Advanced Data Protection for iCloud

Apple adds end-to-end encryption to more iCloud data types, including Notes and iCloud Backups. Major data types not yet covered by end-to-end encryption are Mail, Contacts and Calendars.

Notable, data protection for iCloud is opt-on feature, so users have to enable it themselves.

This feature is available in the US today in beta, and should be available for general users in US later in 2022. Worldwide rollout is expected in early 2023. 

Apple Newsroom: Apple advances user security with powerful new data protections

Beta 4 for iOS 16 and other platforms is out, Live Activities are in

Apple releases beta 4 for iOS/iPadOS 16, macOS 13 Ventura, watchOS 9 and tvOS 16. Most notable addition is support for Live Activities.

Live Activities and ActivityKit won't be included in the initial publicly released version of iOS 16, but will be publicly available in an update later this year. Once they're publicly available, you can submit your apps with Live Activities to the App Store.

Apple Developer

There are also updates on edit and unsend functionality in Messages:

  • Unsend is available only for two minutes after messages was sent;
  • Edited messages now show the log of edits.

Beta download: Operating Systems

Apple Developer:

Release notes:

References:

Apple sues NSO Group over spyware and iMessage exploits

Apple announces that it filed a lawsuit against NSO Group responsible for Pegasus software used to infiltrate iPhones of journalists and activists.

Apple also announced a $10 million contribution to support cybersurveillance researchers and advocates

Apple Newsroom

Apple claims that FORCEDENTRY exploit is currently fixed and only small number of people were affected by it. However, these were targeted attacks and, therefore, damage was significant.

iOS 15 includes a number of new security protections, including significant upgrades to the BlastDoor security mechanism. While NSO Group spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions. Apple urges all users to update their iPhone and always use the latest software.

Apple Newsroom

Apple also announced that it will notify users of ongoing attacks.

If Apple discovers activity consistent with a state-sponsored attack, we notify the targeted users in two ways:
- A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
- Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

Apple Support