Apple Platform Security
-
Welcome
-
Introduction
-
-
Services security overview
-
-
Apple Pay overview
-
Apple Pay components
-
Secure Element and NFC controller
-
Payment authorization
-
Transaction-specific dynamic security code
-
Pay with credit and debit cards in stores
-
Pay with credit and debit cards within apps
-
Paying with credit and debit cards on the web
-
Contactless passes
-
Render cards unusable
-
Suspending, removing, and erasing cards
-
Apple Cash
-
Transit cards
-
Credit and debit cards for transit
-
Student ID cards
-
-
Business Chat
-
FaceTime
-
-
-
Developer Kits overview
-
-
HomeKit identity
-
Communication with HomeKit accessories
-
Local data storage
-
Data synchronization between devices and users
-
Home data and apps
-
HomeKit and Siri
-
HomeKit IP cameras
-
HomeKit routers
-
iCloud remote access for HomeKit accessories
-
HomeKit TV Remote accessories
-
Apple TV profiles for HomeKit homes
-
-
CloudKit
-
SiriKit
-
DriverKit
-
Camera and ARKit
-
-
-
Secure device management overview
-
Pairing model
-
Passcode and password settings management
-
Configuration enforcement
-
Mobile device management (MDM)
-
Automated Device Enrollment
-
Apple Configurator 2
-
Device supervision
-
Device restrictions
-
Activation Lock
-
Lost Mode, remote wipe, and remote lock
-
Screen Time
-
-
Glossary
-
Document Revision History
-
Copyright

Secure software updates overview
Apple regularly releases software updates to address emerging security concerns and to provide new features; these updates are generally provided for all supported devices simultaneously. Users of iOS and iPadOS devices receive update notifications on the device and through iTunes (in macOS 10.14 or earlier) or the Finder (macOS 10.15 or later). macOS updates are available in System Preferences. Updates are delivered wirelessly, for rapid adoption of the latest security fixes.
The startup process helps ensure that only Apple-signed code is being installed. For example, System Software Authorization ensures that only legitimate copies of operating system versions that are actively being signed by Apple can be installed on iOS and iPadOS devices, or Mac computers with the Full Security setting configured as the secure boot policy in the Startup Security Utility. This system prevents iOS and iPadOS devices from being downgraded to older versions that lack the latest security updates, and can be used by Apple to prevent similar downgrades in macOS. Without this protection, an attacker who gains possession of a device could install an older version of iOS or iPadOS and exploit a vulnerability that’s been fixed in newer versions.
In addition, when a device is physically connected to a Mac, a full copy of iOS or iPadOS is downloaded and installed. But for over-the-air (OTA) software updates, only the components required to complete an update are downloaded, improving network efficiency by not downloading the entire OS. Additionally, software updates can be cached on a Mac running macOS 10.13 or later with Content Caching turned on, so that iOS and iPadOS devices don’t need to redownload the necessary update over the Internet. They’ll still need to contact Apple servers to complete the update process.