The TOE is the Apple iOS and iPadOS Safari application which runs on iPad and iPhone devices. The product provides access to HTTPS/TLS connections via a browser for user connectivity.
\r\nNote: The TOE is the Safari software only. The Apple iOS and iPadOS operating systems are undergoing evaluation separately.
","evaluation_configuration":"The TOE is an application on a mobile operating system. The Apple iOS and iPadOS operating systems are being separately validated against the Protection Profile for Mobile Device Fundamentals Version 3.1. The mobile operating system and hardware platforms are part of the TOE environment. The evaluated version of the TOE is version 13.4.1.
","security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Apple iOS and iPadOS 13 Safari was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when delivered configured as identified in the Apple iOS and iPadOS 13 Safari Common Criteria Guide, satisfies all of the security functional requirements stated in the Apple iOS and iPadOS 13 Safari Security Target. The project underwent CCEVS Validator review. The evaluation was completed in June 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
","environmental_strengths":"The TOE provides the security functionality required by [SWAPP] and [WEBBROWSEREP].
\r\nCryptographic Support
\r\nThe platform provides TLS/HTTPS connectivity for users attempting to communicate with secure URLs. The TOE does not directly perform any cryptographic functions. The TOE invokes the platform cryptography for secure credential storage.
\r\nUser Data Protection
\r\nThe TOE requests access to network connectivity, camera, microphone, location services, and address book, and communicates with the wireless network when invoked by the user. The TOE runs inside of a sandbox where each browser tab is isolated. In addition, the TOE supports blocking of third-party cookies. When a cookie has been set with the ‘secure’ attribute, the TOE will only send the cookie over HTTPS.
\r\nSecurity Management
\r\nThe platform provides the ability to configure the TOE. No credentials are installed by default.
\r\nPrivacy
\r\nIf the user logs into iCloud Account on two or more devices, two devices within Bluetooth range of each other have the ability to automatically “continue” browsing with the same URL provided via iCloud.
\r\nThe TOE does not specifically request PII from the user. Any information provided by the user is entered without prompting from the TOE.
\r\nProtection of the TSF
\r\nThe TOE does not permit automatic downloads. All downloads are at the request of a user and require approval. The TOE does not support add-ons. The only supported mobile code is signed JavaScript. No third-party libraries are leveraged by the TOE. The TOE platform verifies all software updates via digital signature.
\r\nTrusted Path/Channels
\r\nThe TOE is a software application. The TOE leverages the platform to establish HTTPS/TLS protected communications.
","features":[]}