In case you missed it - here's six(!) hours of content from my incredible friends and colleagues today on protecting your apps from memory safety vulnerabilities. It was great to meet up with developers and talk about protecting users!
www.youtube.com/live/UZeSyodA...
"Following rigorous security testing and extensive evaluation by the German government, iPhone and iPad become the first consumer devices approved for use with classified information in NATO restricted environments"
www.apple.com/newsroom/2026/0...
My peer team at Apple is hiring! If you're interested in securing cutting edge hardware and collaborating with incredibly skilled engineering teams to deliver great products that people love using then this role may be a good fit.
jobs.apple.com/en-us/details/...
📢 Announcing hacklore.org 📢
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
We're updating our bounty program with the top award now set at $2 million for zero-click remote exploit chains. In addition - there are increased awards for proximate wireless attacks, WebKit, and Gatekeeper
security.apple.com/blog/apple...
Did you know that more than half of all iPhones around the world are being used in languages other than English?
My team helps make that possible, and we're hiring! Our work is very dynamic and spans the entire localization pipeline, from internal tools to all our OSes.
jobs.apple.com/en-us/detail
"The iPhone 17 is probably now the most secure computing environment on the planet that is still connected to the internet,"
Dear PPS community, In recent weeks, we've seen a concerning rise in compromised student accounts. Attackers are gaining access to these accounts and using them to send thousands of phishing and scam emails worldwide. Our investigation shows that many of these breaches result from students reusing passwords across multiple services. Once attackers obtain credentials from other sites, they try them against school accounts with significant success. To better protect student accounts and reduce their value as targets, we are making a change: Students will no longer be able to set up Multi-Factor Authentication (MFA) on their Google accounts. Attackers have been exploiting this feature by enabling MFA themselves to strengthen their hold on compromised accounts. By blocking this option, we disrupt their process.
@rmondello.com Neven got this email from Portland Public Schools that is relevant to your interests. I'll be thinking about it for a while…
iPhone 17, iPhone Air, and iPhone 17 Pro all support
Memory Integrity Enforcement bringing a significant advancement in memory safety - including to developers as part of the Enhanced Security feature announced earlier this year at WWDC
With iOS 26.0, we're introducing support for Wi-Fi Aware via AccessorySetupKit - this makes it easy for users to connect to and set up your accessories securely, and build peer to peer connectivity experiences with DeviceDiscoveryUI!
https://developer.apple.com/videos/play/wwdc2025/228
#wwdc25
We've launched support for developers to build their own security hardened extensions, distribute apps using Pointer Authentication, and access a range of other security mitigations: https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app
#wwdc25
This is a hugely important update for CryptoKit - make sure you check out the session to learn more about what you do (and don’t) need to do as an App Developer to protect against quantum computers.
New post on the Swift blog: we re-wrote the Password Monitoring service for Apple Passwords in Swift and saw huge improvements in memory use and throughput. Some of the details here still blow my mind; it's a fun read. https://www.swift.org/blog/swift-at-apple-migrating-the-password-monitoring-servi
Manta rays off the coast of Hawaii!
Picked up my Close Your Rings Day pin! (Happy 10th birthday to Apple Watch)
👋 from the Swift team, now on Bluesky!
Decided to do the #promosky as I’m looking for more friends (MDNI), especially people to play games with 🙂
🎮 Zelda, Kirby, Skyrim, No Man’s Sky, Stellaris, Civilization
📺 Dragon Prince, Severance, Foundation
📖 Arc of a Scythe, Mistborn
🎨 Used to write so artists are also welcome (🚫 NFT, genAI)
Maybe a catastrophic natural disaster isn't the best way to advertise your features in an app for managing your smart devices LG
CISA has launched guidance on protecting mobile devices given recent threats against telecommunications infrastructure - including the benefit of Lockdown Mode, Private Relay, and the Passwords app
Do you want to work on designing the security of the latest Apple products and features that will be used by over a billion users? Our team is hiring for engineers to help provide security leadership!
https://jobs.apple.com/en-us/details/200582891/security-reviewer-secure-design
My colleagues in the Cryptographic Engineering team within SEAR are hiring in Paris! They're an incredibly talented team working on challenging real world problems - if you're interested please do consider applying
https://jobs.apple.com/en-us/details/200578463/cryptography-engineer-expert
Despite increasing legislation, and a low minimum bar for compliance, it’s incredible (albeit not surprising) how many device manufacturers and software vendors still struggle to provide that bare minimum to allow researchers to report security vulnerabilities
Screenshot of dashboard scores — Chrome 99, Edge 98, Firefox 99, Safari 99
Just look at that Interop 2024 score…
wpt.fyi/interop-2024
Need to improve memory safety in existing unsafe C code? My colleagues have published a patch for clang that introduces support for -f-bounds-safety!
https://github.com/swiftlang/llvm-project/pull/9665
It's going to be a bumper year for "Crypto Means Cryptograpy" stickers
https://www.bloomberg.com/news/articles/2024-11-20/trump-team-mulls-creating-first-ever-white-house-crypto-role
As expected, the first episode of Silo season two was superb.
Proud of my colleagues who have driven the work on this - we just launched a huge amount of security material for PCC (Private Cloud Compute), including a new security guide, Virtual Research Environment, and source code
https://security.apple.com/blog/pcc-security-research/
