OS upgrades, security and Apple Intelligence
It’s an old saying: the most secure software is up-to-date software. But it is also true. By using the latest version of software, you will improve the security posture of your users, devices and entire IT infrastructure. This blog highlights how upgrading your Apple operating systems across your devices creates a more secure organization.
Apple creates some of the most secure devices and operating systems (OS) in the market. To reduce the chance of users becoming victims of malware, spyware or other vulnerabilities, Apple bakes security into their hardware, systems, apps and services.
But perfection is impossible. Attackers are constantly developing tactics to infiltrate devices, including by exploiting vulnerabilities or bugs in software. This is why Apple releases patches to their operating systems — for both minor versions and annual major releases.
As Apple states, “Security is a process.” There needs to be a consistent, effective way to quickly update devices with the latest security updates. This is true whether it’s your personal device where you’ve allowed for automatic updates, or whether you’re an IT admin managing a device fleet with dozens to thousands of devices. As admins, getting these devices updated means you:
- Reduce security vulnerabilities
- Keep users happy and productive
- Get the latest management, security and other new features
Beyond getting necessary security updates, users simply want to update their devices to the newest major OS to access the latest enhancements to the user experience. For example, at the 2024 Apple Worldwide Developers Conference (WWDC), Apple announced a number of exciting upcoming features, including those that make up Apple Intelligence.
In this blog, we’ll talk about upgrading to the newest OS on devices that contain Apple Intelligence and its impact on security and user privacy.
Apple Intelligence
Apple Intelligence is the personal intelligence system that harnesses the power of Apple silicon to understand and create language and images, take action across apps, and draw from personal context to simplify and accelerate everyday tasks while taking an extraordinary step forward for privacy in AI.
This sounds convenient, right? Or maybe you’re wondering what this means for your personal and organizational data? This is why Apple designed Apple Intelligence to be the most private and secure personal intelligence system on the market. They did this in part by processing most requests on device and by sending more complex requests to the newly created Private Cloud Compute (PCC).
When your request is sent to Private Cloud Compute, no data is stored and the cloud instance is only used for user requests. Built with Apple silicon, the Secure Enclave and secure boot, Apple designed PCC with privacy and security in mind, based on an extraordinary set of core requirements:
- Stateless computation on personal user data: PCC can only use personal user data for the purpose of fulfilling a request
- Enforceable guarantees: PCC must not depend on external components for its core security and privacy guarantees
- No privileged runtime access: PCC must not contain privileged interfaces that would enable Apple’s site reliability staff to bypass PCC privacy guarantees
- Non-targetability: Attackers must not be able to compromise personal data that belongs to specific PCC users without attempting a broad compromise on the PCC system
- Verifiable transparency: Independent security experts must be able to review the code that runs on Apple Silicon servers
Apple Intelligence and security
Despite these principles, admins are considering how Apple Intelligence impacts their posture. Apple Intelligence is enabled by default on compatible devices running macOS 15, iOS 18 or iPadOS 18, and Apple has provided ways for mobile device management (MDM) vendors to give organizations the power to enable or disable Apple Intelligence via MDM. The following features each have their own restriction:
- Genmoji generates emojis based on a user’s text description or photo. They can be added to messages, inline, as a reaction or as a sticker. MDM prevents users from creating Genmojis with Apple Intelligence when the allowGenmoji restriction is set to false.
- Image Playground allows users to create an image using the context from their surroundings. MDM can prevent users from using this feature by setting the allowImagePlayground restriction to false.
- Writing Tools help users write more clearly, proofread text, rewrite for the correct tone and words, or summarize selected text. Disallow this feature by setting the allowWritingTools restriction to false. Note that users will also not be able to access ChatGPT when this is set to false.
- Image Wand (iOS only) helps users transform their rough sketch into a related image in the Notes app. Disable this by setting the allowImageWand restriction to false.
Jamf Pro 11.9 and later supports the MDM restrictions to allow or disallow Apple Intelligence features. Since September 3rd, when Jamf Pro 11.9 was released, Jamf customers have been able to test these features in their environment with the iOS and iPadOS 18.1 and macOS 15.1 betas. Now, with Apple Intelligence features in GA, Apple admins can use Jamf to allow or disallow Apple Intelligence features based on their organization’s guidelines and requirements.
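To confirm that a profile really turns off the four features listed above, an admin can audit the exported profile before it is scoped to devices. The following is an added example, not Jamf or Apple code: it assumes an unsigned .mobileconfig plist whose Restrictions payload uses the `com.apple.applicationaccess` payload type, the sample profile and its identifiers are constructed, and an unset key is reported as still enabled because the features are on by default.

```python
import plistlib

# Restriction keys named in the post; each disables one feature when false.
AI_KEYS = {
    "allowGenmoji": "Genmoji",
    "allowImagePlayground": "Image Playground",
    "allowWritingTools": "Writing Tools (and ChatGPT access)",
    "allowImageWand": "Image Wand (iOS only)",
}
RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Restrictions payload type

# Constructed sample profile; identifiers are placeholders.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.ai-restrictions",
    "PayloadContent": [{
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadIdentifier": "com.example.ai-restrictions.restrictions",
        "allowGenmoji": False,
        "allowImagePlayground": False,
        "allowWritingTools": True,   # explicitly left on: should be flagged
        # allowImageWand omitted: the feature keeps its default
    }],
})

def audit_profile(profile_bytes):
    """Return {key: state}; state is 'disabled', 'allowed' or 'unset'."""
    profile = plistlib.loads(profile_bytes)
    state = {key: "unset" for key in AI_KEYS}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue  # only Restrictions payloads carry these keys
        for key in AI_KEYS:
            value = payload.get(key)
            if value is False:
                state[key] = "disabled"  # a false in any payload is kept
            elif value is True and state[key] != "disabled":
                state[key] = "allowed"
    return state

def still_enabled(profile_bytes):
    """Keys the profile does not set to false (unset keeps the default)."""
    states = audit_profile(profile_bytes)
    return sorted(k for k, s in states.items() if s != "disabled")

if __name__ == "__main__":
    for key, s in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key:22} {s:9} {AI_KEYS[key]}")
    print("Not disabled:", ", ".join(still_enabled(SAMPLE_PROFILE)))
```
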
Restriction settings in Jamf Pro for Apple Intelligence
What’s next for organizations
Keeping your devices updated is crucial to keeping them secured. Are you prepared for the next round of major Apple OS updates?
Organizations use Jamf to upgrade their devices. With dynamic inventory tools, multiple deployment paths and the ability to leverage Apple security controls, Jamf ensures management and security workflows are kept intact throughout the upgrade process — from the day the new OS is released.