Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks

Miravi

The new feature is called Memory Integrity Enforcement (MIE) and the tech giant says it provides always-on memory safety protection for the latest phones. The new iPhone lineup is running iOS 26.

Apple pointed out that while its iOS operating system has not been hit by widespread malware attacks, iPhones are regularly targeted by well-resourced threat actors.

These attacks typically involve exploits created by ‘lawful’ surveillance solutions providers. These companies are often referred to as mercenary spyware vendors because while they claim to only provide their services to government agencies for purposes of national security and criminal investigations, in reality their products are in many cases sold to authoritarian regimes and end up being used against journalists, human rights activists, and political dissidents.

The exploits developed by these spyware vendors often involve memory safety vulnerabilities and Apple’s new MIE protection aims to make exploitation of such flaws significantly more difficult.

According to Apple, the MIE feature leverages Arm’s Enhanced Memory Tagging Extension (EMTE), which the chip giant released in 2022 as an update to its 2019 Memory Tagging Extension (MTE) specification following a collaboration with Apple.

MIE uses EMTE along with secure memory allocators and extensive Tag Confidentiality Enforcement policies to provide protection in the kernel, Safari, and Messages.

After testing MIE against known exploit chains and recent vulnerabilities, Apple found that it’s highly efficient in blocking attacks in their early stages, preventing threat actors from reviving exploit chains by swapping out one bug for another.
 
Making me think it would be a good decision to upgrade.

Nah. I'll keep my iPhone 12 another 10 years and my iPhone 6 is still going strong since Apple keeps updating it. It probably has another 5 to 10 years of life. Perhaps longer.

You almost got me Apple. To spend money that I don't need to spend.
 
Apple Integrates Memory Integrity Enforcement (MIE) and Enhanced Memory Tagging Extension (EMTE): New defenses in iPhones with the A19 chip eliminate entire classes of memory exploits. These features harden devices against use-after-free and buffer overflow bugs.
[Attached image: 1757600259838.png]
 
Who performed the testing? Apple? Or a truly independent, unpaid 3rd party?

I wonder how whoever made this chart determined what protection blocks at each step. It's a relevant question because doing exploit kill chain step-wise evaluations and mappings to protections is no trivial matter. Not done carefully, the results are often wrong, inaccurate, or misleading (omission of details material to readers' full and accurate understanding).

Then, we cannot determine if each of the illustrated exploit chains is for both use-after-free and buffer-overflow or just one of those two. If just one, then which one for each depicted exploit chain?

It sure is pretty though. Sure to be a great marketing tool to get people to spend their money.
 
You can find the report here on the official website.
Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
 
Advisory: Since this is to be newly released on iPhone 17, consumers are advised to wait until 18 or 19 to give Apple a reasonable amount of time to work out the problems.

3rd party Apple app developers will be the ones most affected, and in turn, consumers of Apple iPhone 17.

What the article states is that the details are available to developers, but it does not state that those developers are required to use it in their apps. So it more or less means that consumers can expect these protections to work only on Apple developed apps - and it is probable that not every single Apple developed app will be coded to take advantage of the new memory protections.

If Apple does require developers to integrate what is required to take advantage of the forthcoming Enhanced Security then it does not explicitly state it in that section of documentation. I bet it's not stated explicitly anywhere except some agreement not available to the public - if such a mandatory agreement or terms exist at all.
 
