Ivan Krstić
@radian
Followers
11,038
Following
900
Media
5
Statuses
72
Head of Security Engineering+Architecture (SEAR) at Apple. I don’t speak for my employer.
San Francisco, CA
Joined March 2011
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Colorado
• 133022 Tweets
Notre Dame
• 115160 Tweets
Kentucky
• 67807 Tweets
#仮面ライダーガヴ
• 56513 Tweets
The Weeknd
• 55885 Tweets
#AEWAllOut
• 52537 Tweets
Northern Illinois
• 38507 Tweets
Nebraska
• 35411 Tweets
Abel
• 29945 Tweets
Carti
• 29475 Tweets
#ブンブンジャー
• 25101 Tweets
Auburn
• 24168 Tweets
Talleres
• 24055 Tweets
#UFCVegas97
• 18724 Tweets
Medina
• 15765 Tweets
Willow
• 15755 Tweets
Bama
• 13979 Tweets
#ニノさん
• 13680 Tweets
Skullduggery
• 13293 Tweets
ショウマ
• 12907 Tweets
Herrera
• 12867 Tweets
ひろプリ
• 11876 Tweets
My Cryptographic Engineering team did fantastic work on the rigorous privacy properties of the new Find My system. Wired takes a look:
15
301
771
Now live!
🔺The new Apple Security Bounty!
🔺The new Apple Platform Security guide, featuring Mac for the first time!
(PDF version: )
🔺My Black Hat 2019 talk:
Happy holidays! 🎄
8
300
745
While the vast majority of users will never be the victims of highly targeted cyberattacks, Apple will work tirelessly to protect the small number of users who are. I’m deeply proud of our next steps, including a groundbreaking feature: Lockdown Mode.
40
188
688
LIVE: Apple Security Research, our new blog and website at ! We launch with an update on Apple Security Bounty (), and a deep dive into some fundamental XNU memory safety improvements with kalloc_type (). Enjoy!
30
243
638
Mac secure boot (with two world firsts: DMA defense from PCIe Bus 0, and the Option ROM sandbox), iOS kernel integrity, Pointer Auth Codes (PAC), APRR register, Page Protection Layer (PPL), and novel Find My crypto — all in my slides from Black Hat 2019!
6
178
562
The steps Apple is taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those who seek to make the world a better place.
26
151
519
🔺New on the Apple Security Research blog: introducing Private Cloud Compute! We believe this is the most advanced security architecture ever deployed for cloud AI compute at scale.
12
152
416
Happy iOS 12 day! Our updated iOS Security Guide is hot off the presses:
7
213
376
🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.
9
133
377
Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more:
7
95
335
Terrific writeup in the Financial Times. Incredibly proud of my team – astounding talent and clarity of purpose in protecting users on a billion devices, from silicon to software. And we’re hiring. Want to work with the finest security group in the world? My DMs are open!
7
119
331
Regarding Spectre and Meltdown impact on iOS, macOS and Safari/WebKit:
6
232
301
We’ve released the first Security Overview for the Apple T2 Security Chip! Mac secure boot, storage encryption, and more, e.g.: “Mac portables with the T2 chip have a hardware disconnect that ensures the microphone is disabled when the lid is closed.”
5
153
298
Slides are up for my Black Hat talk, Behind the Scenes with iOS Security:
2
198
275
🔺New on the Apple Security Research blog: a brief technical overview of iMessage Contact Key Verification!
6
88
270
🔺New on the Apple Security Research blog: we pit our hardened kalloc_type XNU allocator against SockPuppet, a powerful vulnerability from the past:
2
86
248
NEW! Privacy-Preserving Contact Tracing from Apple and Google:
10
81
227
Video for Behind the Scenes with iOS Security is now up, including the Apple Security Bounty announcement:
6
129
206
TechCrunch: “Apple has pushed a silent Mac update to remove hidden Zoom web server”
4
67
200
Security Update 2017-001 is now available for High Sierra, addressing the root login problem.
9
288
177
The updated iOS Security Guide now covers iOS 11.2, including Face ID and Apple Pay Cash:
2
98
164
🔺Now live: the May 2024 update to the Apple Platform Security Guide!
5
44
140
It’s my privilege to work with the best team in the world. Want to shape the next 10 years of cutting-edge security with us? DMs are open.
iPhone is 10 years old today. After 10 years, not a single serious malware case. It's not just luck; we need to congratulate Apple on this.
159
9K
13K
0
42
95
New on Face ID: . Incl: “TrueDepth camera randomizes …depth map captures, projects a device-specific random pattern”
1
52
91
Plus the new Apple Security Bounty, featuring all Apple platforms and open to everyone, million dollar max payout, live later this year — and iOS Security Research Device program, an unprecedented, Apple-supported research platform for talented researchers, coming next year!
4
26
71
🔺My new op-ed in Lawfare: Personal Data in the Cloud is Under Siege. End-to-end Encryption Is Our Most Powerful Defense.
1
23
59
@TimoHirvonen
@axi0mX
My 2016 Black Hat talk goes into detail on Data Protection, and covers master key derivation in the process. Relevant part of the talk is here:
1
0
9
@ohunt
@realmrpippy
@gte
This is called Fast Permission Restrictions (APRR). A CPU register is used to avoid the overhead of a syscall and walking PTEs. See 22:11 into this talk:
1
1
9
@alexstamos
Find My crypto is one of the topics we’ll cover at Black Hat!
Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more:
7
95
335
0
4
6
@Goran_Majic
Hi Goran – see the section titled "Enable DIT for constant-time cryptographic operations" in , and especially: "Apple cryptographic routines ... in the operating system enable DIT internally."
1
0
5
Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more:
7
95
335
1
0
5
@secparam
Find My crypto is one of the topics we’ll cover at Black Hat!
Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more:
7
95
335
0
0
4
@tapbot_paul
Hey Paul! Take a look at under “Verify that your app is Developer ID-signed and notarized” and let me know if that answers your question.
0
0
2