Apple Platform Security
macOS includes a built-in firewall to protect the Mac from network access and denial-of-service attacks. It can be configured by going to System Settings > Privacy & Security (macOS 13 or later), the Security & Privacy pane of System Preferences (macOS 12 or earlier), or by using a configuration profile with the Firewall payload installed manually or provided by an MDM solution. The following configurations are supported:
- Block all incoming connections, regardless of app.
- Automatically allow built-in software to receive incoming connections.
- Automatically allow downloaded and signed software to receive incoming connections.
- Add or deny access based on user-specified apps.
- Prevent the Mac from responding to ICMP (Internet Control Message Protocol) probing and portscan requests.
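
As an added example (not Apple's code and not part of the original guide), the Python below builds a configuration profile with a Firewall payload covering the five settings above, then audits a profile against an example baseline. The payload keys come from Apple's device-management documentation for the Firewall payload rather than from this page; the `com.example.*` identifiers and the baseline rules are assumptions.

```python
import plistlib
import uuid

FIREWALL_TYPE = "com.apple.security.firewall"  # Firewall payload type

def build_profile(block_all=False, allow_builtin=True, allow_signed=True,
                  stealth=True, app_rules=None):
    """Return .mobileconfig bytes (XML plist) holding one Firewall payload."""
    firewall = {
        "PayloadType": FIREWALL_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.firewall.settings",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "EnableFirewall": True,
        "BlockAllIncoming": block_all,      # block all incoming connections
        "AllowSigned": allow_builtin,       # built-in software
        "AllowSignedApp": allow_signed,     # downloaded and signed software
        "EnableStealthMode": stealth,       # no reply to ICMP/portscan probes
        # user-specified apps: bundle ID -> allowed (True) or denied (False)
        "Applications": [{"BundleID": bid, "Allowed": ok}
                         for bid, ok in sorted((app_rules or {}).items())],
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.firewall",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Firewall baseline (constructed example)",
        "PayloadContent": [firewall],
    }
    return plistlib.dumps(profile)

def audit_profile(data):
    """Check a profile against an example baseline; return the findings."""
    content = plistlib.loads(data).get("PayloadContent", [])
    payloads = [p for p in content if p.get("PayloadType") == FIREWALL_TYPE]
    if not payloads:
        return ["no Firewall payload"]
    fw, findings = payloads[0], []
    if not fw.get("EnableFirewall", False):
        findings.append("firewall disabled")
    if not fw.get("EnableStealthMode", False):
        findings.append("stealth mode off")
    allowed = [a["BundleID"] for a in fw.get("Applications", []) if a.get("Allowed")]
    if fw.get("BlockAllIncoming") and allowed:
        findings.append("allow rules conflict with BlockAllIncoming: " + ", ".join(allowed))
    return findings

if __name__ == "__main__":
    print(audit_profile(build_profile(stealth=False)))
```

The audit works on any profile exported from an MDM solution, so the same check can run in review before a Firewall payload is deployed.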