Apple Security Upgrade: Hits and Misses

Apple Pay Gets High Marks, But Full iCloud Fix Still Missing

By Mathew J. Schwartz, September 12, 2014.

Security experts have lauded many of the information security and privacy changes introduced this week by Apple as part of its unveiling of iPhone 6, iPhone 6 Plus and Apple Watch.

In addition to a raft of security improvements planned for the upcoming release of iOS 8, Apple has introduced updated biometric fingerprint readers for its devices, which will be required to make payments using the newly announced Apple Pay payment system.

But some security experts say Apple's many announcements this week failed to fully address the iCloud vulnerability that was exploited by hackers who released celebrity photos that had been stored on iOS devices. Plus, an unresolved iOS vulnerability means that data stored on locked devices can still be retrieved using digital forensics tools.

New Features

Many of Apple's security-related moves had been well-documented before being officially announced this week. Those include HomeKit, which is Apple's framework for managing Internet of Things devices, and HealthKit, which stores a user's health and fitness data in encrypted form on a device, including the newly announced Apple Watch. But with the release of the iPhone 6, Apple has now also tweaked the TouchID biometric fingerprint reader built into the device.

More detailed reviews and teardowns of those features will have to wait until Apple begins selling devices built to use the services - and releases iOS 8 - this fall, followed by the release of Apple Watch in early 2015.

Sizing Up Apple Pay Ecosystem

Apple made a big splash with its announcement of the Apple Pay payments platform, which taps near-field communication technology built into the forthcoming iPhone 6, iPhone 6 Plus and Apple Watch.

Despite some details still being scarce, reaction to the new feature has been largely positive, both from a security perspective - including Apple not storing or transmitting any credit card numbers - as well as on the payment card ecosystem front, including backing from industry powerhouses Visa, MasterCard and American Express.

"It's the most secure combination of technology that we've ever deployed," James Anderson, group head of mobile product development at MasterCard, tells The Wall Street Journal.

Based on the details that have been announced to date, Apple's approach sounds quite secure, many experts say. "Apple is doing NFC right, that is, by one-time token passing rather than simply passing the credit card number," says security consultant William Hugh Murray. "This requires partners. As they did with music labels, they have lined up a big enough list of key brands to achieve critical mass."

The country's four biggest banks - including JPMorgan Chase and Bank of America - have signed on to Apple Pay, and five more should be compatible with the system soon after it launches. Discover has also tweeted that it's in discussions to become compatible with Apple Pay.

Just one problem: Currently, only 2.4 percent of U.S. retailers have point-of-sale systems compatible with NFC. Apple CEO Tim Cook acknowledged as much during the Sept. 9 Apple event, saying only 220,000 stores - including McDonald's, Staples, Subway and Target - will be able to accept Apple Pay when it launches.

Still, payment-fraud expert Tom Wills, who runs Singapore-based firm Secure Strategies, says strong support for Apple Pay from those card issuers and retailers means it will have a good chance of succeeding, despite previous attempts to spark mass adoption of smartphone-based NFC payments, such as Google Wallet. "The other strong feature is that Apple Pay is designed to work with both physical point-of-sale and e-commerce transactions via a single consumer wallet."

Fingerprint Secures Payments