New Apple A19 chips introduce spyware-defeating memory safety feature

Mercenary spyware and other memory corruption attacks against iPhone 17 devices will be “immensely more expensive and difficult” due to the new safety defence Apple has introduced with the A19 chip lineup.

Apple claims that the new A19 and A19 Pro chips introduce “the most significant upgrade to memory safety in the history of consumer operating systems” – a Memory Integrity Enforcement (MIE) feature.

“We dedicated an extraordinary amount of Apple silicon resources to security – more than ever before – including CPU area, CPU speed, and memory for tag storage,” Apple’s Security Engineering and Architecture team said in a blog post.


To fully realize the new comprehensive memory safety defense, Apple spent half a decade conducting a massive engineering effort spanning hardware, operating systems, and software frameworks.

At a hardware level, MIE thwarts the memory corruption techniques most commonly used by attackers, such as use-after-free and out-of-bounds vulnerabilities. The goal of these attacks is to create and exploit overlapping interpretations of memory.

Apple is confident that there has never been a successful, widespread malware attack against the iPhone. The only system-level attacks were carried out by mercenary spyware vendors and nation states, spending millions of dollars to target a very small number of specific individuals.

With most memory bugs out of the question, even the most sophisticated spyware attacks will become “significantly more expensive and difficult to develop and maintain.”

Some flaws will be able to survive MIE. Apple specifically mentioned intra-allocation buffer overflows, or bugs where extra data spills into another part of the same program’s memory block, instead of leaking into another program’s memory.

“Such issues are extremely rare, and even fewer will lend themselves to a full end-to-end exploit. Inevitably, attackers must face MIE at a stage where their capabilities are still very limited,” the paper explains.

How does MIE work?

At its core, MIE attaches tags – like invisible watermarks – to memory regions and ensures that a program can only directly access memory with the same watermark.


Apple calls these watermarks “secure memory allocators.”

When a program frees up memory it no longer needs, MIE changes its watermark, so nothing else can sneak in and access the leftover space.


This type of memory tagging was first introduced with ARM’s Memory Tagging Extension (MTE) specification, which was strengthened in 2022 with a new Enhanced Memory Tagging Extension (EMTE) standard.

Apple’s MIE includes these techniques and builds on top of them by addressing a key weakness: previously, hardware did not check when programs tried to access memory without tags, such as global variables.

Apple introduces systems called “typed allocators” and “tag confidentiality” to enforce memory safety across the operating system.

Typed allocators make sure every piece of memory is used for the right purpose, while tag confidentiality protections hide the watermarks from attackers.
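The tag check, the retag-on-free step, and the intra-allocation blind spot mentioned earlier, as a constructed C model added here (it is not Apple's or ARM's code; the 16-byte granule, 4-bit tag width and the `tptr`, `tag_alloc`, `tag_free`, `tag_store` and `scenario` names are this example's assumptions):

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed teaching model of tag-checked memory (not Apple's MIE or
 * ARM's MTE code); one 4-bit tag per 16-byte granule, as in MTE. */
#define GRANULE 16
#define NGRANULES 64
static uint8_t arena[GRANULE * NGRANULES];
static uint8_t granule_tag[NGRANULES];
static uint8_t next_tag = 1;
/* "Tagged pointer": arena offset plus the tag the allocator issued.
 * Hardware packs the tag into unused high address bits instead. */
typedef struct { size_t off; uint8_t tag; } tptr;

static uint8_t fresh_tag(uint8_t avoid) {
    do { next_tag = (uint8_t)(next_tag % 15 + 1); } while (next_tag == avoid);
    return next_tag;  /* 1..15 and never equal to `avoid` */
}
/* Allocate n bytes at a granule-aligned offset; every granule it spans
 * gets one tag that differs from the allocation to its left. */
tptr tag_alloc(size_t off, size_t n) {
    size_t first = off / GRANULE, count = (n + GRANULE - 1) / GRANULE;
    uint8_t t = fresh_tag(first ? granule_tag[first - 1] : 0);
    memset(&granule_tag[first], t, count);
    return (tptr){ off, t };
}
/* Freeing retags the granules, so a stale pointer no longer matches. */
void tag_free(tptr p, size_t n) {
    size_t first = p.off / GRANULE, count = (n + GRANULE - 1) / GRANULE;
    memset(&granule_tag[first], fresh_tag(p.tag), count);
}
/* Checked store: 1 if the pointer tag matches the granule tag, else 0
 * (real hardware raises a fault instead of returning). */
int tag_store(tptr p, size_t idx, uint8_t v) {
    size_t g = (p.off + idx) / GRANULE;
    if (g >= NGRANULES || granule_tag[g] != p.tag) return 0;
    arena[p.off + idx] = v;
    return 1;
}
/* Four accesses; bit k of the result is 1 where the store was allowed. */
int scenario(void) {
    tptr a = tag_alloc(0, 20); tag_alloc(32, 16); /* a: granules 0-1, neighbour: granule 2 */
    int r = tag_store(a, 5, 1);          /* bit0: in bounds, allowed */
    r |= tag_store(a, 12, 1) << 1;       /* bit1: a field at bytes 0-7 overflowing inside a: same tag, not caught */
    r |= tag_store(a, 32, 1) << 2;       /* bit2: out of bounds into the neighbour: tag mismatch, blocked */
    tag_free(a, 20);
    r |= tag_store(a, 5, 1) << 3;        /* bit3: use after free: granules retagged, blocked */
    return r;                            /* 0b0011 == 3 */
}
```

Only bits 0 and 1 survive, which is the page's point: cross-allocation and stale-pointer accesses fail the tag check, while an overflow that stays inside one tagged allocation does not.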

Apple also said that MIE includes novel mitigations for Spectre V1 leaks at virtually zero CPU cost, making such attacks impractical.

“The industry’s first ever, comprehensive, always-on memory-safety protection” covers key attack surfaces, including kernel and over 70 userland (user space) processes.


“Because of how dramatically it reduces an attacker’s ability to exploit memory corruption vulnerabilities on our devices, we believe MIE represents the most significant upgrade to memory safety in the history of consumer operating systems,” Apple claims.

The tech giant is also making enhanced security features available to all Apple developers in Xcode.