PR piece, but the buried lede here is lockdown mode, which offers much stricter security for those with stronger threat models.

From what I’ve understood the “lockdown mode” is in practical terms nothing more than a “more sensible (security-wise) mode”, because it just seems to:

• disable site-previews – I never understood the actual need for these; (*)
• disable opening of attachments except images – something many other software should implement (especially email clients);
• disable JIT for JavaScript – perhaps no JS would be better, but that would break most of the internet nowdays; (no more random blogs that require JS…)
• disabling some behind-the-scene actions like MDM or connecting via cable when not unlocked; (*)
• no new contacts for Apple’s own software;

In fact, I don’t understand why the items I’ve marked with (*) aren’t the default…

Going further, perhaps there could be a few security modes:

• “trust me I’m an expert and certainly I won’t be powned” – i.e. the current standard mode;
• the “new standard mode” whith some improved security, focusing on people that don’t have an IT background, which should include at least the items marked with (*), perhaps coupled with a built-in “safe DNS” (that filters out some malware);
• the “secure mode” – what they call the new lockdown mode;
• the “actual lockdown mode” – that should limit even more things, like for example disable access to camera, microphone, GPS, bluetooth, allow internet connection only through a designated VPN (and thus WiFi and data can only be used to service that VPN), disable applications installation, etc.; (the camera, microphone, etc. could be enabled on demand by explicit action in an iOS generated dialogue, and that only for limited time;)