Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Rapid Security Responses
- Operating system integrity
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorization with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
BlastDoor for Messages and IDS
iOS, iPadOS, macOS, and watchOS include a security feature called BlastDoor, first introduced in iOS 14 and related releases. The goal of BlastDoor is to help protect the system by corralling attackers—increasing the complexity of their efforts to exploit Messages and Apple Identity Services (IDS). BlastDoor isolates, parses, transcodes, and validates untrusted data arriving in Messages, IDS and other vectors to help prevent attacks.
BlastDoor does this by employing sandbox restrictions and memory safe validation of output which creates a significant obstacle for attackers to overcome before reaching other parts of the operating system. It’s designed to drastically improve user protection against attacks, particularly “0-click” attacks—those that don’t require user interaction.
Finally, Messages treats traffic from “known senders” differently than traffic from “unknown senders”, offering a different set of functionality to each group and segmenting “known” versus “unknown” data into distinct BlastDoor instances.