Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Apple Claims 'Most Significant Upgrade to Memory Safety' in OS History

Link: https://apple.slashdot.org/story/25/09/14/228...

"There has never been a successful, widespread malware attack against
iPhone," notes Apple's security blog, pointing out that "The only system-
level iOS attacks we observe in the wild come from mercenary spyware...
historically associated with state actors and [using] exploit chains that
cost millions of dollars..." But they're doing something about it - this week
announcing a new always-on memory-safety protection in the iPhone 17 lineup
and iPhone Air (including the kernel and over 70 userland processes)... Known
mercenary spyware chains used against iOS share a common denominator with
those targeting Windows and Android: they exploit memory safety
vulnerabilities, which are interchangeable, powerful, and exist throughout
the industry... For Apple, improving memory safety is a broad effort that
includes developing with safe languages and deploying mitigations at scale...
Our analysis found that, when employed as a real-time defensive measure, the
original Arm Memory Tagging Extension (MTE) release exhibited weaknesses that
were unacceptable to us, and we worked with Arm to address these shortcomings
in the new Enhanced Memory Tagging Extension (EMTE) specification, released
in 2022. More importantly, our analysis showed that while EMTE had great
potential as specified, a rigorous implementation with deep hardware and
operating system support could be a breakthrough that produces an
extraordinary new security mechanism.... Ultimately, we determined that to
deliver truly best-in-class memory safety, we would carry out a massive
engineering effort spanning all of Apple - including updates to Apple
silicon, our operating systems, and our software frameworks. This effort,
together with our highly successful secure memory allocator work, would
transform MTE from a helpful debugging tool into a groundbreaking new
security feature. Today we're introducing the culmination of this effort:
Memory Integrity Enforcement (MIE), our comprehensive memory safety defense
for Apple platforms. Memory Integrity Enforcement is built on the robust
foundation provided by our secure memory allocators, coupled with Enhanced
Memory Tagging Extension (EMTE) in synchronous mode, and supported by
extensive Tag Confidentiality Enforcement policies. MIE is built right into
Apple hardware and software in all models of iPhone 17 and iPhone Air and
offers unparalleled, always-on memory safety protection for our key attack
surfaces including the kernel, while maintaining the power and performance
that users expect. In addition, we're making EMTE available to all Apple
developers in Xcode as part of the new Enhanced Security feature that we
released earlier this year during WWDC... Based on our evaluations pitting
Memory Integrity Enforcement against exceptionally sophisticated mercenary
spyware attacks from the last three years, we believe MIE will make exploit
chains significantly more expensive and difficult to develop and maintain,
disrupt many of the most effective exploitation techniques from the last 25
years, and completely redefine the landscape of memory safety for Apple
products. Because of how dramatically it reduces an attacker's ability to
exploit memory corruption vulnerabilities on our devices, we believe Memory
Integrity Enforcement represents the most significant upgrade to memory
safety in the history of consumer operating systems.

Read more of this story at Slashdot.

---
VRSS v2.1.180528