Apple has announced a significant security enhancement called Memory Integrity Enforcement (MIE) for the upcoming iPhone 17 lineup and iPhone Air. Described as “the most significant upgrade to memory safety in the history of consumer operating systems,” MIE is designed to thwart spyware developers, particularly those creating tools like Pegasus, by providing always-on protection against memory-related exploits.
MIE safeguards critical attack surfaces, encompassing the kernel and over 70 user-land processes. It leverages Apple’s Enhanced Memory Tagging Extension (EMTE) and incorporates secure typed allocators and tag confidentiality protections. This approach, according to Apple, mirrors Microsoft’s memory integrity features in Windows 11 and mitigations against Spectre-like vulnerabilities.
The company also acknowledges ARM’s Memory Tagging Extension (MTE), which is utilized in Google Pixel 8 phones with Advanced Protection enabled. However, Apple asserts that its MIE implementation offers broader protection by default for all users. The new A19 and A19 Pro chips are specifically engineered to enhance security, and memory safety modifications are also being implemented for older hardware lacking the advanced memory-tagging capabilities.
Apple emphasizes that its Spectre V1 mitigation operates with “virtually zero CPU cost,” addressing past performance concerns associated with memory integrity features. These collective changes aim to increase the cost and complexity for developers of “mercenary spyware.”
While the GrapheneOS project recognized the “major security improvements” and their potential to bolster iPhone security, they also expressed reservations regarding Apple’s presentation and its comparison to Android’s MTE implementation. The true effectiveness of these security enhancements will be determined once the iPhone 17 and iPhone Air are released and subjected to real-world attack attempts.
