The iOS 12 security guide [PDF] is now available. This is the first time Apple has published a security guide so quickly after an iOS launch. It covers things like Siri Suggestions, Shortcuts, Screen Time, Password AutoFill, and more.
[Here’s How to Avoid Becoming the United State]
iOS 12 Security Guide
One thing I noticed in the new Shortcuts app is the ability of shortcuts to run JavaScript. In the iOS 12 security guide there is a section that explains how the company protects against malicious JavaScript within shortcuts.
In order to protect against malicious JavaScript that, for example, trick the user into running a script on a social media website that harvests their data, updated malware definitions are downloaded to identify malicious scripts at run-time.
Another interesting tidbit: Screen Time is protected using CloudKit’s end-to-end encryption to protect usage data. This is handy because the feature collects detailed information on how you use your device, which could be an attack vector.