🔺NEW: Apple is expanding Private Cloud Compute (PCC) beyond our data centers. PCC on Google Cloud: NVIDIA Confidential Computing, Intel TDX, and Google's Titan chip, with capabilities that go far beyond a traditional confidential computing deployment. security.apple.com/blog/expa…

🔺NEW: Formally verified post-quantum ML-KEM and ML-DSA in corecrypto, with correctness proven from the FIPS spec down to hand-optimized ARM64 assembly — a world first at multi-billion device scale. And we're releasing our Isabelle libraries, ARM64 model, and Cryptol-to-Isabelle translator to advance the state of the art in verified cryptography! security.apple.com/blog/form…

🔺NEW: iPhone and iPad are now the first and only generally-available devices to meet the exacting security requirements for handling classified NATO information. apple.com/newsroom/2026/02/i…

🔺New security-focused developer event on March 5 at Apple Park: featuring sessions on Memory Integrity Enforcement, new tools in Enhanced Security in Xcode, Apple’s defensive security engineering approach, Swift adoption in security-sensitive code, and how to apply all these techniques to protect apps. Sign up: developer.apple.com/events/v…

🔺This is the first talk I've given in 6 years – featuring formal verification of post-quantum cryptography, the evolution of the Secure Page Table Monitor, a view into Memory Integrity Enforcement, updates to Apple Security Bounty… and a personal note.

Great News! 👏 @Apple announced they will be donating 1000 iPhone 17s with the much more secure Memory Integrity Enforcement to high-risk users! Another meaningful step that Apple is taking to protect journalists, activists & dissidents from commercial spyware! 1/

🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memo…

🔺New on Apple Security Research blog: a deeply comprehensive Private Cloud Compute security guide, and an unprecedented Virtual Research Environment allowing you to run production PCC software right on your Mac with Apple silicon. And up to a $1M bounty! security.apple.com/blog/pcc-…

🔺New on the Apple Security Research blog: introducing Private Cloud Compute! We believe this is the most advanced security architecture ever deployed for cloud AI compute at scale. security.apple.com/blog/priv…

Are you excited to use the power of safe modern programming languages like Swift to make software more secure? My SPEAR team at Apple is hiring a Swift Software Engineer to do exactly that! jobs.apple.com/en-us/details…

🔺Now live: the May 2024 update to the Apple Platform Security Guide! support.apple.com/guide/secu…

🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world. security.apple.com/blog/imes…

With iOS 17.2 and macOS 14.2 now released, Contact Key Verification 🔐 is available for everybody to enable. Very proud of the work the team has done to ship this groundbreaking feature and advance the state of iMessage security! security.apple.com/blog/imes…

🔺My new op-ed in Lawfare: Personal Data in the Cloud is Under Siege. End-to-end Encryption Is Our Most Powerful Defense. lawfaremedia.org/article/per…

If you are interested in uArch Security, we just opened an internship position at @Apple! The position is focused on offensive research, and you will be contributing to the security of some of our most advanced CPUs in one of the coolest teams. Apply at: jobs.apple.com/en-us/details…

🔺New on the Apple Security Research blog: a brief technical overview of iMessage Contact Key Verification! security.apple.com/blog/imes…

🔺New on the Apple Security Research blog: we pit our hardened kalloc_type XNU allocator against SockPuppet, a powerful vulnerability from the past: security.apple.com/blog/what…

I have been beta testing the new ASB submission portal for over a year. Apple did an awesome job with this! You can: ✅see the status of your report ✅typically get more frequent updates ✅see the CVE, bounty, advisory for each case ✅export all to CSV security.apple.com/bounty/

LIVE: Apple Security Research, our new blog and website at security.apple.com! We launch with an update on Apple Security Bounty (security.apple.com/blog/appl…), and a deep dive into some fundamental XNU memory safety improvements with kalloc_type (security.apple.com/blog/towa…). Enjoy!