Apple claims it is introducing “the most significant upgrade to memory safety in the history of consumer operating systems”.
Apple claims it is introducing “the most significant upgrade to memory safety in the history of consumer operating systems”.
The tech giant – which unveiled the iPhone 17 family of devices this week – has also unveiled plans to target the spyware industry with what the company has branded Memory Integrity Enforcement.
Changes are being made to Apple’s OS, chips and development tools to tackle those who make exploits for tools like Pegasus.
They said in a blog post: “With the introduction of the iPhone 17 lineup and iPhone Air, we’re excited to deliver Memory Integrity Enforcement:
“The industry’s first ever, comprehensive, always-on memory-safety protection covering key attack surfaces — including the kernel and over 70 userland processes — built on the Enhanced Memory Tagging Extension (EMTE) and supported by secure typed allocators and tag confidentiality protections.”
Microsoft previously made a similar move with memory integrity security features in Windows 11, whbile ARM has use the Memory Tagging Extension to tackled memory bugs on Google’s Pixel phones.
Apple added: “Consider that MTE can be configured to report memory corruption either synchronously or asynchronously.
“In the latter mode, memory corruption doesn’t immediately raise an exception, leaving a race window open for attackers. We would not implement such a mechanism.
“We believe memory safety protections need to be strictly synchronous, on by default, and working continuously.
“But supporting always-on, synchronous MTE across key attack surfaces while preserving a great, high-performance user experience is extremely demanding for hardware to support.”
The company hailed its so-called “industry-leading security of iPhone”, noting that “the vast majority of our users never face system-level attacks on their devices”.
They added: “Our work on memory safety is aimed primarily at the mercenary spyware and surveillance industry, which spends many millions of dollars to exploit memory corruption vulnerabilities and target a small number of individuals because of who they are and what they do.”
Apple introduces huge new security boost
